From 51a913374622184554ad97166f0e265f8d443386 Mon Sep 17 00:00:00 2001
From: quentusrex <quentusrex@ispconfig3>
Date: Thu, 30 Oct 2008 14:15:06 -0400
Subject: [PATCH] :( I had it right the first time. It's getting too late to submit patches.

---
 interface/lib/classes/db_mysql.inc.php |   14 +++++++++-----
 1 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/interface/lib/classes/db_mysql.inc.php b/interface/lib/classes/db_mysql.inc.php
index eaa57b0..8084443 100644
--- a/interface/lib/classes/db_mysql.inc.php
+++ b/interface/lib/classes/db_mysql.inc.php
@@ -160,10 +160,14 @@
         return $this->quote($formfield);
     }
 		
-	/** Escapes quotes in variable. addslashes() */
+	/** Escapes quotes in variable. mysql_real_escape_string() */
     public function quote($formfield)
-    {
-        return addslashes($formfield);
+    {	
+		if(!$this->connect()){
+			$this->updateError('WARNING: mysql_connect: Used addslashes instead of mysql_real_escape_string');
+			return addslashes($formfield);
+		}
+        return mysql_real_escape_string($formfield, $this->linkId);
     }
 		
 	/** Unquotes a variable, strip_slashes() */
@@ -246,10 +250,10 @@
 			}
 		} elseif(is_array($record_new)) {
 			foreach($record_new as $key => $val) {
-				if(isset($record_new[$key]) && $record_old[$key] != $val) {
+				if(isset($record_new[$key]) && @$record_old[$key] != $val) {
 					// Record has changed
 					$diffrec_full['new'][$key] = $val;
-					$diffrec_full['old'][$key] = $record_old[$key];
+					$diffrec_full['old'][$key] = @$record_old[$key];
 					$diff_num++;
 				} else {
 					$diffrec_full['new'][$key] = $val;

--
Gitblit v1.9.1