Continued:
authorRoland Häder <roland@mxchange.org>
Wed, 28 Oct 2020 10:05:56 +0000 (11:05 +0100)
committerRoland Häder <roland@mxchange.org>
Wed, 28 Oct 2020 10:05:56 +0000 (11:05 +0100)
- addslashes() is really nothing, better htmlentities()

Signed-off-by: Roland Häder <roland@mxchange.org>
libs/lib_connect.php

index a95c25551ecd7e80525d2d7c61ed1dbd1e3c3765..56f44b6d12c858b2d8605c3f412eb9c5a5c3c576 100644 (file)
@@ -146,13 +146,13 @@ function crackerTrackerEscapeString ($string) {
        // Is the link up?
        if (!isCrackerTrackerDatabaseLinkUp()) {
                // Then we cant use mysqli_real_escape_string!
-               $string = addslashes($string);
+               $string = htmlentities($string, ENT_QUOTES);
        } elseif (function_exists('mysqli_real_escape_string')) {
                // Use mysqli_real_escape_string()
                $string = mysqli_real_escape_string($GLOBALS['ctracker_link'], $string);
        } else {
                // Use fall-back (bad!)
-               $string = addslashes($string);
+               $string = htmlentities($string, ENT_QUOTES);
        }
 
        // Return the secured string
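Review bot: Both fallback branches now return the output of `htmlentities($string, ENT_QUOTES)`, which is an HTML output encoder rather than an SQL escaper: it turns the two quote characters into entities but leaves backslashes and NUL bytes untouched, so it does not give the guarantee that `mysqli_real_escape_string()` gives in the middle branch. It also makes the stored value depend on link state, since the same input is HTML-encoded on one path and kept raw on the other, which invites double-encoding when the value is rendered later. Without `ENT_SUBSTITUTE`, input that is not valid in the assumed charset can come back as an empty string. Failing closed is safer than approximating here, for example `throw new RuntimeException('No database link, cannot escape string for SQL');` in both branches, or moving the callers to prepared statements. crackerTrackerEscapeString() starts before this hunk and returns after it, so whether its callers can handle a failure is not visible here.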