X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=includes%2Fdb%2Fconnect_db_mysqli.inc;h=696fd8285a1646bc49aa406a41ff8ae4e7a32923;hb=2bcdab793e406bb5a44d2c4e079ec7cc2a1aa857;hp=48b57402df0d1e68696f2273112d69f358cac9f9;hpb=7f32bbd73c782449684cf6c6bf987e5bfbae9eb7;p=fa-stable.git

diff --git a/includes/db/connect_db_mysqli.inc b/includes/db/connect_db_mysqli.inc
index 48b57402..696fd828 100644
--- a/includes/db/connect_db_mysqli.inc
+++ b/includes/db/connect_db_mysqli.inc
@@ -10,7 +10,7 @@
     See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
 ***********************************************************************/
 define('DB_DUPLICATE_ERROR', 1062);
-define('SQL_MODE', ''); // STRICT_ALL_TABLES,NO_ZERO_IN_DATE ?
+define('SQL_MODE', 'STRICT_ALL_TABLES'); // prevents SQL injection with silent field content truncation
 
 $db_last_inserted_id = 0;
 
@@ -135,8 +135,8 @@ function db_num_fields($result)
 function db_escape($value = "", $nullify = false)
 {
 	global $db;
-	
-	$value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding);
+
+	$value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding=='iso-8859-2' ? 'ISO-8859-1' : $_SESSION['language']->encoding);
 	$value = html_specials_encode($value);
 
   	//reset default if second parameter is skipped