X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Fdb%2Fconnect_db.inc;h=f7d214beb8b8904ccd8ed8ba8ba60370efdbaf50;hb=0d469b61b73c9fff2c428eb042d346587f62aac9;hp=cedfd787c09f110f977b4ec1f19f67592af84a7f;hpb=da8311619dd73feae101d246a1957b972e00cbd2;p=fa-stable.git

diff --git a/includes/db/connect_db.inc b/includes/db/connect_db.inc
index cedfd787..f7d214be 100644
--- a/includes/db/connect_db.inc
+++ b/includes/db/connect_db.inc
@@ -2,7 +2,7 @@
 
 set_global_connection();
 
-function set_global_connection() 
+function set_global_connection()
 {
 	global $db;
 
@@ -27,30 +27,32 @@ function db_query($sql, $err_msg=null)
 		echo "<pre>";
 		echo $sql;
 		echo "</pre>\n";
-	}	
-	
+	}
 
-	$result = mysql_query($sql, $db);
 
+	$result = mysql_query($sql, $db);
 	if ($err_msg != null)
+	  if (function_exists('xdebug_call_file'))
+		check_db_error('<br>At file '.xdebug_call_file().':'.xdebug_call_line().':<br>'.$err_msg, $sql);
+	  else
 		check_db_error($err_msg, $sql);
 
 	return $result;
 }
 
-function db_fetch_row (&$result) 
+function db_fetch_row ($result)
 {
 
 	return mysql_fetch_row($result);
 }
 
-function db_fetch (&$result) 
+function db_fetch ($result)
 {
 
-	return mysql_fetch_array(&$result);
+	return mysql_fetch_array($result);
 }
 
-function db_seek (&$result,$record) 
+function db_seek (&$result,$record)
 {
 	mysql_data_seek($result, $record);
 }
@@ -66,14 +68,39 @@ function db_num_rows (&$result)
 	return mysql_num_rows($result);
 }
 
-function db_num_fields (&$result)
+function db_num_fields ($result)
 {
 	return mysql_num_fields($result);
 }
 
-function db_escape (&$result)
+function db_escape($value = "", $nullify = false)
 {
-	return mysql_escape_string($result);
+	$value = @htmlspecialchars($value, ENT_COMPAT, $_SESSION['language']->encoding);
+
+  	//reset default if second parameter is skipped
+	$nullify = ($nullify === null) ? (false) : ($nullify);
+  	//undo slashes for poorly configured servers
+	$value = (get_magic_quotes_gpc()) ? (stripslashes($value)) : ($value);
+
+  	//check for null/unset/empty strings
+	if ((!isset($value)) || (is_null($value)) || ($value === "")) {
+		$value = ($nullify) ? ("NULL") : ("''");
+	} else {
+		if (is_string($value)) {
+      		//value is a string and should be quoted; determine best method based on available extensions
+			if (function_exists('mysql_real_escape_string')) {
+		  		$value = "'" . mysql_real_escape_string($value) . "'";
+			} else {
+			  $value = "'" . mysql_escape_string($value) . "'";
+			}
+		} else if (!is_numeric($value)) {
+			//value is not a string nor numeric
+			display_error("ERROR: incorrect data type send to sql query");
+			echo '<br><br>';
+			exit();
+		}
+	}
+	return $value;
 }
 
 function db_error_no ()
@@ -82,7 +109,7 @@ function db_error_no ()
 	return mysql_errno($db);
 }
 
-function db_error_msg(&$conn)
+function db_error_msg($conn)
 {
 	return mysql_error($conn);
 }