See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
***********************************************************************/
define('DB_DUPLICATE_ERROR', 1062);
-define('SQL_MODE', ''); // STRICT_ALL_TABLES,NO_ZERO_IN_DATE ?
+define('SQL_MODE', 'STRICT_ALL_TABLES'); // prevents SQL injection with silent field content truncation
$db_last_inserted_id = 0;
$connection = $db_connections[$company];
- $db = mysqli_connect($connection["host"], $connection["dbuser"], $connection["dbpassword"]);
- mysqli_select_db($db, $connection["dbname"]);
+ $db = mysqli_connect($connection["host"], $connection["dbuser"], $connection["dbpassword"], "",
+ !empty($connection["port"]) ? $connection["port"] : 3306); // default port in mysql is 3306
+
+ mysqli_select_db($db, $connection["dbname"]);
///// From mysqli release 5.6.6 the sql_mode is no longer empty as it was prior to
///// this release. Just for safety we make it empty for all 5.6 release and higher.
///// This non empty sql_mode values can interphere with FA, so all is set empty during
///// our sessions.
///// We are, however, investigating the existing code to be compatible in the future.
- db_query("SET sql_mode = '".SQL_MODE."'");
+ db_query("SET sql_mode = '".SQL_MODE."'");
/////
$SysPrefs->refresh();
return $db;
function db_escape($value = "", $nullify = false)
{
global $db;
-
- $value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding);
+
+ $value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding=='iso-8859-2' ? 'ISO-8859-1' : $_SESSION['language']->encoding);
$value = html_specials_encode($value);
//reset default if second parameter is skipped
{
global $db;
- $db = mysqli_connect($connection["host"], $connection["dbuser"], $connection["dbpassword"]);
+ $db = mysqli_connect($connection["host"], $connection["dbuser"], $connection["dbpassword"], "",
+ !empty($connection["port"]) ? $connection["port"] : 3306); // default port in mysql is 3306
if (!mysqli_select_db($db, $connection["dbname"]))
{