From: Roland Häder <roland@mxchange.org>
Date: Wed, 28 Oct 2020 10:05:56 +0000 (+0100)
Subject: Continued:
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=38bd1c5cc3dc5396a2ea957ff67a62d19675509f;p=ctracker.git

Continued:
- addslashes() is really nothing, better htmlentities()

Signed-off-by: Roland Häder <roland@mxchange.org>
---

diff --git a/libs/lib_connect.php b/libs/lib_connect.php
index a95c255..56f44b6 100644
--- a/libs/lib_connect.php
+++ b/libs/lib_connect.php
@@ -146,13 +146,13 @@ function crackerTrackerEscapeString ($string) {
 	// Is the link up?
 	if (!isCrackerTrackerDatabaseLinkUp()) {
 		// Then we cant use mysqli_real_escape_string!
-		$string = addslashes($string);
+		$string = htmlentities($string, ENT_QUOTES);
 	} elseif (function_exists('mysqli_real_escape_string')) {
 		// Use mysqli_real_escape_string()
 		$string = mysqli_real_escape_string($GLOBALS['ctracker_link'], $string);
 	} else {
 		// Use fall-back (bad!)
-		$string = addslashes($string);
+		$string = htmlentities($string, ENT_QUOTES);
 	}
 
 	// Return the secured string