From baf5dda4cc07aa35eb9e41dda90aee0d2cdecf23 Mon Sep 17 00:00:00 2001
From: Sergio Cambra <sergio@programatica.es>
Date: Tue, 08 Jul 2014 09:53:13 -0400
Subject: [PATCH] fix escaping in sql query

---
 interface/lib/classes/db_mysql.inc.php |   17 ++++++++++-------
 1 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/interface/lib/classes/db_mysql.inc.php b/interface/lib/classes/db_mysql.inc.php
index b18d583..c5f5e9f 100644
--- a/interface/lib/classes/db_mysql.inc.php
+++ b/interface/lib/classes/db_mysql.inc.php
@@ -264,11 +264,11 @@
 	}
 
 	public function queryOne($sQuery = '') {
-		return $this->query_one($sQuery);
+		return call_user_func_array(array(&$this, 'queryOneRecord'), func_get_args());
 	}
 
 	public function query_one($sQuery = '') {
-		return $this->queryOneRecord($sQuery);
+		return call_user_func_array(array(&$this, 'queryOneRecord'), func_get_args());
 	}
 
 	/**
@@ -297,11 +297,11 @@
 	}
 
 	public function queryAll($sQuery = '') {
-		return $this->queryAllRecords($sQuery);
+		return call_user_func_array(array(&$this, 'queryAllRecords'), func_get_args());
 	}
 
 	public function query_all($sQuery = '') {
-		return $this->queryAllRecords($sQuery);
+		return call_user_func_array(array(&$this, 'queryAllRecords'), func_get_args());
 	}
 
 	/**
@@ -383,7 +383,7 @@
 		global $app;
 		if(!is_string($sString) && !is_numeric($sString)) {
 			$app->log('NON-String given in escape function! (' . gettype($sString) . ')', LOGLEVEL_INFO);
-			$sAddMsg = getDebugBacktrace();
+			//$sAddMsg = getDebugBacktrace();
 			$app->log($sAddMsg, LOGLEVEL_DEBUG);
 			$sString = '';
 		}
@@ -414,12 +414,12 @@
 		$mysql_error = (is_object($this->_iConnId) ? mysqli_error($this->_iConnId) : mysqli_connect_error());
 		$mysql_errno = (is_object($this->_iConnId) ? mysqli_errno($this->_iConnId) : mysqli_connect_errno());
 
-		$sAddMsg .= getDebugBacktrace();
+		//$sAddMsg .= getDebugBacktrace();
 
 		if($this->show_error_messages && $conf['demo_mode'] === false) {
 			echo $sErrormsg . $sAddMsg;
 		} else if(is_object($app) && method_exists($app, 'log')) {
-				$app->log($sErrormsg . $sAddMsg, LOGLEVEL_WARN);
+				$app->log($sErrormsg . $sAddMsg . ' -> ' . $mysql_errno . ' (' . $mysql_error . ')', LOGLEVEL_WARN);
 			}
 	}
 
@@ -861,6 +861,9 @@
 		case 'blob':
 			return 'blob';
 			break;
+		case 'date':
+			return 'date';
+			break;
 		}
 	}
 

--
Gitblit v1.9.1