-// SQL string escaping
-function SQL_QUERY_ESC($qstring, $data, $file, $line, $run=true, $strip=true) {
- global $link;
- $eval = "\$query = sprintf(\"".$qstring."\"";
- foreach ($data as $var) {
- if (!empty($var)) {
- if ($strip) {
- $eval .= ", SQL_ESCAPE(\"".strip_tags($var)."\")";
- } else {
- $eval .= ", SQL_ESCAPE(\"".$var."\")";
- }
+
+// Get id from last INSERT command and secure id
+function getSqlInsertId () {
+ if (!isSqlLinkUp()) return FALSE;
+ return bigintval(mysql_insert_id());
+}
+
+// Escape a string for the database
+function sqlEscapeString ($str, $secureString = TRUE, $strip = TRUE) {
+ // Is there cache?
+ if (!isset($GLOBALS['sql_escapes']['' . $str . ''])) {
+ // Debug message
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str . ' - BEFORE!');
+
+ // Prepare the string here
+ $str = sqlPrepareQueryString($str);
+
+ // Debug message
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str . ' - AFTER!');
+
+ // Secure string first? (which is the default behaviour!)
+ if ($secureString === TRUE) {
+ // Debug message
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str . ',strip=' . intval($strip) . ' - BEFORE!');
+
+ // Then do it here
+ $str = secureString($str, $strip);
+
+ // Debug message
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str . ',strip=' . intval($strip) . ' - AFTER!');
+ } // END - if
+
+ // Init (invalid) value
+ $ret = '!INVALID!';
+
+ if (!isSqlLinkUp()) {
+ // Fall-back to escapeQuotes() when there is no link
+ $ret = escapeQuotes($str);
+ } elseif (function_exists('mysql_real_escape_string')) {
+ // Debug message
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str);
+
+ // The new and improved version
+ $ret = mysql_real_escape_string($str, getSqlLink());
+
+ // Debug message
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str . ',ret=' . $ret);
+ } elseif (function_exists('mysql_escape_string')) {
+ // The obsolete function
+ $ret = mysql_escape_string($str, getSqlLink());