
Update mysql_connect.inc.php

This one patch patches all SQL Injection that I found
Steven Seeley
Steven Seeley committed Mar 7, 2016
1 parent 1759412 commit 945a9dca01def8536516088da30fe6a4b7e9fa85
Showing with 3 additions and 9 deletions.
  1. +3 −9 include/lib/mysql_connect.inc.php
@@ -93,14 +93,8 @@ function my_null_slashes($string) {
$addslashes = 'my_add_null_slashes';
$stripslashes = 'stripslashes';
} else {
if(defined('MYSQLI_ENABLED')){
// mysqli_real_escape_string requires 2 params, breaking wherever
// current $addslashes with 1 param exists. So hack with trim and
// manually run mysqli_real_escape_string requires during sanitization below
$addslashes = 'trim';
}else{
$addslashes = 'mysql_real_escape_string';
}
// if get_magic_quotes_gpc is off, we set our own handler
$addslashes = 'mysql_real_escape_string';
$stripslashes = 'my_null_slashes';
}
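Review bot: the now-unconditional `$addslashes = 'mysql_real_escape_string';` drops the `MYSQLI_ENABLED` branch, so an install running on mysqli escapes input through the legacy mysql extension function, which uses an open mysql_* link for the connection character set and does not exist when only mysqli is loaded. The deleted comment names the actual obstacle (`mysqli_real_escape_string` requires the link as a second parameter); instead of pointing both drivers at one function, assign `$addslashes` a one-argument wrapper that calls `mysqli_real_escape_string` with the existing connection when `MYSQLI_ENABLED` is defined and `mysql_real_escape_string` otherwise. Because `$addslashes` is a shared one-parameter hook, the new comment should also say which callers depend on it, since stricter escaping changes every value passed through it; binding parameters at the query sites would remove that coupling.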
@@ -406,4 +400,4 @@ function at_field_name($result, $i){
}
////
?>
?>
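Review bot: the only change in this hunk is the closing `?>` line, which looks like a whitespace or end-of-file newline difference unrelated to the SQL injection fix. Either leave it out of this commit or drop the closing tag from this include file altogether, so trailing whitespace after it cannot be sent as output.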

2 comments on commit 945a9dc

@gregrgay

Collaborator

replied Mar 30, 2016

Unfortunately have to find another way to do this. Anywhere there's HTML it breaks things.

@stevenseeley

Contributor

replied Mar 30, 2016

Due to $addslashes, right?
