Commit 629b2c9

Author: ATutor
Merge pull request #106 from net-ninja/patch-1
Update mysql_connect.inc.php to replace mysqli trim with mysql_real_escape_string to properly filter potential injection attempts, thx mr_me aka net-ninja
2 parents 1759412 + 945a9dc commit 629b2c9

1 file changed: +3 -9 lines changed

Diff for: include/lib/mysql_connect.inc.php

@@ -93,14 +93,8 @@ function my_null_slashes($string) {
9393
$addslashes = 'my_add_null_slashes';
9494
$stripslashes = 'stripslashes';
9595
} else {
96-
if(defined('MYSQLI_ENABLED')){
97-
// mysqli_real_escape_string requires 2 params, breaking wherever
98-
// current $addslashes with 1 param exists. So hack with trim and
99-
// manually run mysqli_real_escape_string requires during sanitization below
100-
$addslashes = 'trim';
101-
}else{
102-
$addslashes = 'mysql_real_escape_string';
103-
}
96+
// if get_magic_quotes_gpc is off, we set our own handler
97+
$addslashes = 'mysql_real_escape_string';
10498
$stripslashes = 'my_null_slashes';
10599
}
106100
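Review bot: With `$addslashes = 'mysql_real_escape_string';` now set unconditionally in the `else` branch, installs where `MYSQLI_ENABLED` is defined no longer get an escaper that matches their connection. `mysql_real_escape_string()` belongs to ext/mysql and needs an open `mysql_connect()` link; when no such link can be found or established it raises an E_WARNING and returns `false`, so on a mysqli-only connection input would be blanked rather than escaped, and the function does not exist at all from PHP 7 onward. Replacing `'trim'` is right, since it escaped nothing at the point of use, but I would keep the `MYSQLI_ENABLED` check and point `$addslashes` at a one-argument wrapper that calls `mysqli_real_escape_string()` with the existing connection handle. The removed comment also mentions a manual `mysqli_real_escape_string` pass "during sanitization below"; if that pass is still in the file, confirm values are not escaped twice. The new comment should state which connection type the handler assumes.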

@@ -406,4 +400,4 @@ function at_field_name($result, $i){
406400
}
407401

408402
////
409-
?>
403+
?>
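Review bot: The removed and added `?>` lines at the end of the file look identical, so this is a whitespace or end-of-file newline change that has nothing to do with the escaping fix. Either drop it from the patch so the security change stands alone, or, since this is an include-only file, remove the closing `?>` altogether so trailing whitespace can never be sent to the client before headers.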
