From 38bd1c5cc3dc5396a2ea957ff67a62d19675509f Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?=
Date: Wed, 28 Oct 2020 11:05:56 +0100
Subject: [PATCH] Continued:
- addslashes() is really nothing, better htmlentities()
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Signed-off-by: Roland Häder
---
 libs/lib_connect.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libs/lib_connect.php b/libs/lib_connect.php
index a95c255..56f44b6 100644
--- a/libs/lib_connect.php
+++ b/libs/lib_connect.php
@@ -146,13 +146,13 @@ function crackerTrackerEscapeString ($string) {
 	// Is the link up?
 	if (!isCrackerTrackerDatabaseLinkUp()) {
 		// Then we cant use mysqli_real_escape_string!
-		$string = addslashes($string);
+		$string = htmlentities($string, ENT_QUOTES);
 	} elseif (function_exists('mysqli_real_escape_string')) {
 		// Use mysqli_real_escape_string()
 		$string = mysqli_real_escape_string($GLOBALS['ctracker_link'], $string);
 	} else {
 		// Use fall-back (bad!)
-		$string = addslashes($string);
+		$string = htmlentities($string, ENT_QUOTES);
 	}
 
 	// Return the secured string
-- 
2.39.5
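Review bot: Both `+` lines replace an SQL-context escaper with an HTML-context encoder: `htmlentities($string, ENT_QUOTES)` turns `'`, `"`, `<`, `>` and `&` into entities but leaves backslashes and NUL bytes untouched (which the removed `addslashes()` did cover) and is charset-blind, which is precisely why the middle branch uses `mysqli_real_escape_string()` with the live link. It also changes what is stored: the same input becomes entity-encoded text when the link is down and raw text when it is up, so any output path that already escapes for HTML will double-encode, and comparisons against stored values become inconsistent. Given the name crackerTrackerEscapeString, callers expect SQL escaping; a fallback that cannot provide it should fail loudly instead of returning a string that merely looks escaped, e.g. replace the first `+` line with `trigger_error('crackerTrackerEscapeString(): no database link, cannot escape safely', E_USER_ERROR);` (or throw) and treat the final `else` branch the same way. If a string-transforming fallback must remain, state in the function's docblock that it is best-effort and not charset-aware, and prefer moving callers to prepared statements so no escaping step is needed at all. The function's opening line and its return statement lie outside the hunk.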