From: Janusz Dobrowolski <janusz@frontaccounting.eu>
Date: Thu, 15 Oct 2009 12:17:30 +0000 (+0000)
Subject: Added html_entity_decode in db_escape() for correct INSERT>SELECT>INSERT
X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=commitdiff_plain;h=503932c98018fe3f261651859d6233fad2a69784;p=textcart.git

Added html_entity_decode in db_escape() for correct INSERT>SELECT>INSERT
operations.
---

diff --git a/includes/db/connect_db.inc b/includes/db/connect_db.inc
index f848f90..7f0911d 100644
--- a/includes/db/connect_db.inc
+++ b/includes/db/connect_db.inc
@@ -99,6 +99,7 @@ function db_num_fields ($result)
 
 function db_escape($value = "", $nullify = false)
 {
+	$value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding);
 	$value = @htmlspecialchars($value, ENT_QUOTES, $_SESSION['language']->encoding);
 
   	//reset default if second parameter is skipped