Skip to content

Commit

Permalink
fixes an issue where calling mysql_real_escape_string doesn't work if…
Browse files Browse the repository at this point in the history 
… we're using mysqli as the engine. Some detenction for that was added.
  • Loading branch information
@illiphilli
illiphilli committed Jul 7, 2011
1 parent bb3bb49 commit f9d705a
Showing 1 changed file with 9 additions and 1 deletion.
10 changes: 9 additions & 1 deletion modules/formbuilder/actions/submit_form.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,15 @@
// $emailValue = htmlspecialchars_decode(html_entity_decode(call_user_func(array($control_type,'parseData'),$c->name,$_POST,true),ENT_COMPAT,LANG_CHARSET));
$emailValue = htmlspecialchars_decode(call_user_func(array($control_type,'parseData'),$c->name,$_POST,true));
//$value = mysql_escape_string($emailValue);
$value = @mysql_real_escape_string($emailValue);

if (DB_ENGINE=='mysqli') {
$value = mysqli_real_escape_string($db->connection,$emailValue);
} elseif(DB_ENGINE=='mysql') {
$value = mysql_real_escape_string($emailValue,$db->connection);
} else {
$value = $emailValue;
}

//eDebug($value);
$varname = $c->name;
$db_data->$varname = $value;
Expand Down

0 comments on commit f9d705a

Please sign in to comment.