// Is the link up?
if (!isCrackerTrackerDatabaseLinkUp()) {
// Then we cant use mysqli_real_escape_string!
- $string = addslashes($string);
+ $string = htmlentities($string, ENT_QUOTES);
} elseif (function_exists('mysqli_real_escape_string')) {
// Use mysqli_real_escape_string()
$string = mysqli_real_escape_string($GLOBALS['ctracker_link'], $string);
} else {
// Use fall-back (bad!)
- $string = addslashes($string);
+ $string = htmlentities($string, ENT_QUOTES);
}
// Return the secured string
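Review bot: `htmlentities($string, ENT_QUOTES)` in both fall-back branches (link down, and `mysqli_real_escape_string()` unavailable) is HTML output encoding, not SQL escaping. It leaves backslashes and NUL bytes untouched, so the string returned as "secured" is not safe to place inside a quoted SQL literal, and values end up entity-encoded only on these paths, which invites double encoding on output. The enclosing function starts and ends outside the hunk, so its SQL purpose is inferred from the mysqli branch; if that is right, the fall-backs should fail closed, e.g. `throw new RuntimeException('No database link, cannot escape string for SQL');`, or callers should move to prepared statements. If the change stays, add a comment such as `// HTML-encodes only; result must not be used in an SQL query` and pass the charset explicitly as the third argument to `htmlentities()`.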