See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
***********************************************************************/
define('DB_DUPLICATE_ERROR', 1062);
-define('SQL_MODE', ''); // STRICT_ALL_TABLES,NO_ZERO_IN_DATE ?
+define('SQL_MODE', 'STRICT_ALL_TABLES'); // prevents SQL injection with silent field content truncation
$db_last_inserted_id = 0;
$retry = 0;
} while ($retry);
- db_profile($sql);
+ if($SysPrefs->db_trail == 1)
+ $db_last_inserted_id = mysqli_insert_id($db); // cache to avoid trail overwrite
- if($SysPrefs->sql_trail) {
- $db_last_inserted_id = mysqli_insert_id($db); // preserve in case trail insert is done
- if ($SysPrefs->select_trail || (strstr($sql, 'SELECT') === false)) {
- mysqli_query($db, "INSERT INTO ".$cur_prefix."sql_trail
- (`sql`, `result`, `msg`)
- VALUES(".db_escape($sql).",".($result ? 1 : 0).",
- ".db_escape($err_msg).")");
- }
- }
+ db_profile($sql);
if ($err_msg != null || $SysPrefs->go_debug) {
$exit = $err_msg != null;
function db_escape($value = "", $nullify = false)
{
global $db;
-
- $value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding);
+
+ $value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding=='iso-8859-2' ? 'ISO-8859-1' : $_SESSION['language']->encoding);
$value = html_specials_encode($value);
//reset default if second parameter is skipped
{
global $db_last_inserted_id, $SysPrefs, $db;
- return $SysPrefs->sql_trail ? $db_last_inserted_id : mysqli_insert_id($db);
+ return $SysPrefs->db_trail == 1 ? $db_last_inserted_id : mysqli_insert_id($db);
}
function db_num_affected_rows()