Added html_entity_decode in db_escape() for correct INSERT>SELECT>INSERT

author Janusz Dobrowolski <janusz@frontaccounting.eu>

Thu, 15 Oct 2009 12:17:30 +0000 (12:17 +0000)

committer Janusz Dobrowolski <janusz@frontaccounting.eu>

Thu, 15 Oct 2009 12:17:30 +0000 (12:17 +0000)
author Janusz Dobrowolski <janusz@frontaccounting.eu>
Thu, 15 Oct 2009 12:17:30 +0000 (12:17 +0000)
committer Janusz Dobrowolski <janusz@frontaccounting.eu>
Thu, 15 Oct 2009 12:17:30 +0000 (12:17 +0000)
diff --git a/includes/db/connect_db.inc b/includes/db/connect_db.inc

index f848f900081bc78fe71c60b78abb66d6ac32dd36..7f0911dcad9e18d03510ca9f9106aba097b3529d 100644 (file)
--- a/includes/db/connect_db.inc
+++ b/includes/db/connect_db.inc
@@ -99,6 +99,7 @@ function db_num_fields ($result)
  
  function db_escape($value = "", $nullify = false)
  {
+       $value = @html_entity_decode($value, ENT_QUOTES, $_SESSION['language']->encoding);
         $value = @htmlspecialchars($value, ENT_QUOTES, $_SESSION['language']->encoding);
  
         //reset default if second parameter is skipped
author	Janusz Dobrowolski <janusz@frontaccounting.eu>
	Thu, 15 Oct 2009 12:17:30 +0000 (12:17 +0000)
committer	Janusz Dobrowolski <janusz@frontaccounting.eu>
	Thu, 15 Oct 2009 12:17:30 +0000 (12:17 +0000)