function SQL_ESCAPE ($str, $secureString = TRUE, $strip = TRUE) {
// Is there cache?
if (!isset($GLOBALS['sql_escapes']['' . $str . ''])) {
+ // Debug message
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str . ' - BEFORE!');
+
// Prepare the string here
$str = SQL_PREPARE_SQL_STRING($str);
+ // Debug message
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str . ' - AFTER!');
+
// Secure string first? (which is the default behaviour!)
if ($secureString === TRUE) {
+ // Debug message
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str . ',strip=' . intval($strip) . ' - BEFORE!');
+
// Then do it here
$str = secureString($str, $strip);
+
+ // Debug message
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str . ',strip=' . intval($strip) . ' - AFTER!');
} // END - if
+ // Init (invalid) value
+ $ret = '!INVALID!';
+
if (!SQL_IS_LINK_UP()) {
// Fall-back to escapeQuotes() when there is no link
$ret = escapeQuotes($str);
} elseif (function_exists('mysql_real_escape_string')) {
+ // Debug message
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str);
+
// The new and improved version
$ret = mysql_real_escape_string($str, SQL_GET_LINK());
+
+ // Debug message
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str . ',ret=' . $ret);
} elseif (function_exists('mysql_escape_string')) {
// The obsolete function
$ret = mysql_escape_string($str, SQL_GET_LINK());
$ret = escapeQuotes($str);
}
+ // Log message
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str . ',ret=' . $ret);
+
// Cache result
$GLOBALS['sql_escapes']['' . $str . ''] = $ret;
} // END - if
+ // Log message
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'str=' . $str . ',sql_escapes=' . $GLOBALS['sql_escapes']['' . $str . '']);
+
// Return it
return $GLOBALS['sql_escapes']['' . $str . ''];
}
// Private function to prepare the SQL query string
function SQL_PREPARE_SQL_STRING ($sqlString, $enableCodes = TRUE) {
+ // Debug message
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'sqlString=' . $sqlString . ',enableCodes=' . intval($enableCodes) . ' - ENTERED!');
+
// Is it already cached?
- if (!isset($GLOBALS['sql_strings'][$sqlString])) {
+ if (!isset($GLOBALS['sql_strings']['' . $sqlString . ''])) {
// Compile URI codes+config+expression code
$sqlString2 = FILTER_COMPILE_EXPRESSION_CODE(FILTER_COMPILE_CONFIG(compileUriCode($sqlString)));
+ // Debug message
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'sqlString2=' . $sqlString2);
+
// Do final compilation
- $GLOBALS['sql_strings'][$sqlString] = doFinalCompilation($sqlString2, FALSE, $enableCodes);
- } // END - if
+ $GLOBALS['sql_strings']['' . $sqlString . ''] = doFinalCompilation($sqlString2, FALSE, $enableCodes);
+ } else {
+ // Log message
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'sqlString=' . $sqlString . ' - CACHE!');
+ }
+
+ // Debug message
+ //* DEBUG: */ logDebugMessage(__FUNCTION__, __LINE__, 'sqlString=' . $sqlString . ',enableCodes=' . intval($enableCodes) . ',sql_strings=' . $GLOBALS['sql_strings']['' . $sqlString . ''] . ' - EXIT!');
// Return it
- return $GLOBALS['sql_strings'][$sqlString];
+ return $GLOBALS['sql_strings']['' . $sqlString . ''];
}
// Creates a MySQL TIMESTAMP compatible string from given Uni* timestamp
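Review bot: The new `$ret = '!INVALID!';` default in SQL_ESCAPE is cached and returned like an escaped value when the link is up but neither `mysql_real_escape_string` nor `mysql_escape_string` exists, so the sentinel ends up inside the query instead of stopping it. I would close the chain with `} else { trigger_error('No SQL escape function available', E_USER_ERROR); }` (or the project's own fatal-error helper) and skip the cache write in that case. Separately, `$GLOBALS['sql_escapes']` is checked with the raw `$str` but written under the prepared and secured `$str`, and the key carries neither `$secureString` nor `$strip`; a string first escaped with `$secureString = FALSE` can therefore be served from the cache to a later caller that asked for the secured form, assuming SQL_PREPARE_SQL_STRING leaves it unchanged. SQL_PREPARE_SQL_STRING has the same shape with `$enableCodes`, which the `'' . $sqlString . ''` key change does not address. A comment such as `// NOTE: cache key must include every flag that changes the result` above both lookups, or folding the flags into the key, would document the constraint.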