See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
***********************************************************************/
define('DB_DUPLICATE_ERROR', 1062);
-define('SQL_MODE', ''); // STRICT_ALL_TABLES,NO_ZERO_IN_DATE ?
+define('SQL_MODE', 'STRICT_ALL_TABLES'); // prevents SQL injection with silent field content truncation
$db_last_inserted_id = 0;
function db_escape($value = "", $nullify = false)
{
global $db;
-
- $value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding);
+
+ $value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding=='iso-8859-2' ? 'ISO-8859-1' : $_SESSION['language']->encoding);
$value = html_specials_encode($value);
//reset default if second parameter is skipped