From: Roland Häder
Date: Wed, 28 Oct 2020 10:05:56 +0000 (+0100)
Subject: Continued:
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=38bd1c5cc3dc5396a2ea957ff67a62d19675509f;p=ctracker.git

Continued:
- addslashes() is really nothing, better htmlentities()
Signed-off-by: Roland Häder
---
diff --git a/libs/lib_connect.php b/libs/lib_connect.php
index a95c255..56f44b6 100644
--- a/libs/lib_connect.php
+++ b/libs/lib_connect.php
@@ -146,13 +146,13 @@ function crackerTrackerEscapeString ($string) {
 // Is the link up?
 if (!isCrackerTrackerDatabaseLinkUp()) {
 // Then we cant use mysqli_real_escape_string!
- $string = addslashes($string);
+ $string = htmlentities($string, ENT_QUOTES);
 } elseif (function_exists('mysqli_real_escape_string')) {
 // Use mysqli_real_escape_string()
 $string = mysqli_real_escape_string($GLOBALS['ctracker_link'], $string);
 } else {
 // Use fall-back (bad!)
- $string = addslashes($string);
+ $string = htmlentities($string, ENT_QUOTES);
 }
 // Return the secured string
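Review bot: Both fallback branches now return `htmlentities($string, ENT_QUOTES)`, which is HTML output encoding rather than SQL escaping: it leaves backslashes untouched, so a value placed inside a quoted SQL literal is still not safely escaped, and the result differs from what the `mysqli_real_escape_string()` branch produces (entities stored in the database, double-encoding when the value is later printed). Presumably no query can run while the link is down or mysqli is missing, so failing closed in both branches would be safer than returning a differently encoded string, e.g. `throw new RuntimeException('No database link available, cannot escape string');`, or better, moving the callers to prepared statements. If the call is kept, pass the charset explicitly and add `ENT_SUBSTITUTE`, because `htmlentities()` returns an empty string for input that is invalid in the assumed encoding. The function begins and ends outside this hunk, so the SQL use of its return value is inferred from its name and the mysqli branch.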