diff options
author | Dries Buytaert <dries@buytaert.net> | 2005-10-13 10:23:17 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2005-10-13 10:23:17 +0000 |
commit | d3211f014ddb029d603592d64d22dca7fcc6bbd5 (patch) | |
tree | 5d28962a86e8490a693c0d3f037bc54f7d8f8e6d /includes/database.mysqli.inc | |
parent | 5f0e0f364964b46bbaea3390acfe3628d32b0c07 (diff) | |
download | brdo-d3211f014ddb029d603592d64d22dca7fcc6bbd5.tar.gz brdo-d3211f014ddb029d603592d64d22dca7fcc6bbd5.tar.bz2 |
- Modified patch #13180/#29414: use mysql_real_escape_string() to escape
strings rather than addslashes(). mysql_real_escape_string() uses the
connections charset settings to properly escape.
Diffstat (limited to 'includes/database.mysqli.inc')
-rw-r--r-- | includes/database.mysqli.inc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/includes/database.mysqli.inc b/includes/database.mysqli.inc index f77709cf2..b0a5278d0 100644 --- a/includes/database.mysqli.inc +++ b/includes/database.mysqli.inc @@ -266,7 +266,7 @@ function db_decode_blob($data) { * Prepare user input for use in a database query, preventing SQL injection attacks. */ function db_escape_string($text) { - return addslashes($text); + return mysql_real_escape_string($text); } |