X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Fdb%2Fconnect_db.inc;h=f7d214beb8b8904ccd8ed8ba8ba60370efdbaf50;hb=425fc1ef0f159173f03532054863691d30f5fa17;hp=0b6e4eb919965321d48c68a67b16b1852e44d4ac;hpb=07cdb63555517eaa7ee4c51e6ba45470bc95d0b5;p=fa-stable.git
diff --git a/includes/db/connect_db.inc b/includes/db/connect_db.inc
index 0b6e4eb9..f7d214be 100644
--- a/includes/db/connect_db.inc
+++ b/includes/db/connect_db.inc
@@ -33,8 +33,8 @@ function db_query($sql, $err_msg=null)
$result = mysql_query($sql, $db);
if ($err_msg != null)
if (function_exists('xdebug_call_file'))
- check_db_error('
At file '.xdebug_call_file().':'.xdebug_call_line().':
'.$err_msg, $sql);
- else
+ check_db_error('
At file '.xdebug_call_file().':'.xdebug_call_line().':
'.$err_msg, $sql);
+ else
check_db_error($err_msg, $sql);
return $result;
@@ -73,9 +73,34 @@ function db_num_fields ($result)
return mysql_num_fields($result);
}
-function db_escape ($result)
+function db_escape($value = "", $nullify = false)
{
- return mysql_escape_string($result);
+ $value = @htmlspecialchars($value, ENT_COMPAT, $_SESSION['language']->encoding);
+
+ //reset default if second parameter is skipped
+ $nullify = ($nullify === null) ? (false) : ($nullify);
+ //undo slashes for poorly configured servers
+ $value = (get_magic_quotes_gpc()) ? (stripslashes($value)) : ($value);
+
+ //check for null/unset/empty strings
+ if ((!isset($value)) || (is_null($value)) || ($value === "")) {
+ $value = ($nullify) ? ("NULL") : ("''");
+ } else {
+ if (is_string($value)) {
+ //value is a string and should be quoted; determine best method based on available extensions
+ if (function_exists('mysql_real_escape_string')) {
+ $value = "'" . mysql_real_escape_string($value) . "'";
+ } else {
+ $value = "'" . mysql_escape_string($value) . "'";
+ }
+ } else if (!is_numeric($value)) {
+ //value is not a string nor numeric
+ display_error("ERROR: incorrect data type send to sql query");
+ echo '
';
+ exit();
+ }
+ }
+ return $value;
}
function db_error_no ()