function SQL_ESCAPE ($str, $secureString = true, $strip = true) {
// Do we have cache?
if (!isset($GLOBALS['sql_escapes'][''.$str.''])) {
+ // Prepare the string here
+ $str = SQL_PREPARE_SQL_STRING($str);
+
// Secure string first? (which is the default behaviour!)
if ($secureString === true) {
// Then do it here
function SQL_PREPARE_SQL_STRING ($sqlString, $enableCodes = true) {
// Is it already cached?
if (!isset($GLOBALS['sql_strings'][$sqlString])) {
- // Compile config+expression code
- $sqlString2 = FILTER_COMPILE_EXPRESSION_CODE(FILTER_COMPILE_CONFIG($sqlString));
+ // Compile URI codes+config+expression code
+ $sqlString2 = FILTER_COMPILE_EXPRESSION_CODE(FILTER_COMPILE_CONFIG(compileUriCode($sqlString)));
// Do final compilation
$GLOBALS['sql_strings'][$sqlString] = doFinalCompilation($sqlString2, false, $enableCodes);
- //die($sqlString.'<br />'.$sqlString2.'<br />'.$GLOBALS['sql_strings'][$sqlString]);
} // END - if
// Return it