Update mysql_connect.inc.php

This one patch, patches all SQL Injection that I found
atutor · Mar 7, 2016 · 945a9dc · 945a9dc · gregrgay · Mar 30, 2016
1 parent 1759412
commit 945a9dc
Showing 1 changed file with 3 additions and 9 deletions.
diff --git a/include/lib/mysql_connect.inc.php b/include/lib/mysql_connect.inc.php
@@ -93,14 +93,8 @@ function my_null_slashes($string) {
     $addslashes   = 'my_add_null_slashes';
     $stripslashes = 'stripslashes';
 } else {
-    if(defined('MYSQLI_ENABLED')){
-        // mysqli_real_escape_string requires 2 params, breaking wherever
-        // current $addslashes with 1 param exists. So hack with trim and 
-        // manually run mysqli_real_escape_string requires during sanitization below
-        $addslashes   = 'trim';
-    }else{
-        $addslashes   = 'mysql_real_escape_string';
-    }
+    // if get_magic_quotes_gpc is off, we set our own handler
+    $addslashes   = 'mysql_real_escape_string';
     $stripslashes = 'my_null_slashes';
 }
 
@@ -406,4 +400,4 @@ function at_field_name($result, $i){
 }
 
 ////
-?>
+?>