From d630f596623009712db8e8b3e8b53a949d83c824 Mon Sep 17 00:00:00 2001 From: Janusz Dobrowolski Date: Thu, 15 Oct 2009 12:17:30 +0000 Subject: [PATCH] Added html_entity_decode in db_escape() for correct INSERT>SELECT>INSERT operations. --- includes/db/connect_db.inc | 1 + 1 file changed, 1 insertion(+) diff --git a/includes/db/connect_db.inc b/includes/db/connect_db.inc index f848f900..7f0911dc 100644 --- a/includes/db/connect_db.inc +++ b/includes/db/connect_db.inc @@ -99,6 +99,7 @@ function db_num_fields ($result) function db_escape($value = "", $nullify = false) { + $value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding); $value = @htmlspecialchars($value, ENT_QUOTES, $_SESSION['language']->encoding); //reset default if second parameter is skipped -- 2.30.2