Small cleanups in installer.

[fa-stable.git] / includes / db / connect_db_mysqli.inc

diff --git a/includes/db/connect_db_mysqli.inc b/includes/db/connect_db_mysqli.inc
index a70e5926b12f839fcc6263d4ab50208f514241fc..87660a4f0e516d4a85ea866ca690d18d918a8b59 100644 (file)
--- a/includes/db/connect_db_mysqli.inc
+++ b/includes/db/connect_db_mysqli.inc
@@ -10,7 +10,7 @@
     See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
 ***********************************************************************/
 define('DB_DUPLICATE_ERROR', 1062);
-define('SQL_MODE', ''); // STRICT_ALL_TABLES,NO_ZERO_IN_DATE ?
+define('SQL_MODE', 'STRICT_ALL_TABLES'); // prevents SQL injection with silent field content truncation
 
 $db_last_inserted_id = 0;
 
@@ -52,7 +52,7 @@ function db_query($sql, $err_msg=null)
 
        // set current db prefix
        $comp = isset($_SESSION["wa_current_user"]->cur_con) ? $_SESSION["wa_current_user"]->cur_con : 0;
-       $cur_prefix = $db_connections[$comp]['tbpref'];
+       $cur_prefix = @$db_connections[$comp]['tbpref'];
        $sql = str_replace(TB_PREF, $cur_prefix, $sql);
 
        if ($SysPrefs->show_sql)