Fix for SQL_FREERESULT()

[mailer.git] / inc / db / lib-mysql3.php

diff --git a/inc/db/lib-mysql3.php b/inc/db/lib-mysql3.php
index 9b42362a0f5336f7dfcd4e764992e4bdb85114d1..1a24f3928997617cc2a11b484fa5edf773e9527e 100644 (file)
--- a/inc/db/lib-mysql3.php
+++ b/inc/db/lib-mysql3.php
@@ -213,21 +213,29 @@ function SQL_CLOSE(&$link, $F, $L) {
 }
 // SQL free result
 function SQL_FREERESULT($result) {
+       if (!is_resource($result)) {
+               // Abort here
+               return false;
+       } // END - if
+
        $res = @mysql_free_result($result);
        return $res;
 }
 // SQL string escaping
 function SQL_QUERY_ESC($qstring, $data, $file, $line, $run=true, $strip=true) {
        global $link;
+
+       if ($strip) {
+               $strip = "true";
+       } else {
+               $strip = "false";
+       }
+
        $query = "";
        $eval = "\$query = sprintf(\"".$qstring."\"";
        foreach ($data as $var) {
                if ((!empty($var)) || ($var === 0)) {
-                       if ($strip) {
-                               $eval .= ", SQL_ESCAPE(\"".strip_tags($var)."\")";
-                       } else {
-                               $eval .= ", SQL_ESCAPE(\"".$var."\")";
-                       }
+                       $eval .= ", SQL_ESCAPE(\"".$var."\",true,".$strip.")";
                } else {
                        $eval .= ", ''";
                }
@@ -240,11 +248,14 @@ function SQL_QUERY_ESC($qstring, $data, $file, $line, $run=true, $strip=true) {
        //fwrite($fp, $file."(".$line."): ".str_replace("\r", "", str_replace("\n", " ", $eval))."\n");
        //fclose($fp);
        @eval($eval);
+       // Was the eval() command fine?
        if (empty($query)) {
+               // Something went wrong?
                print "eval=".htmlentities($eval)."<pre>";
                debug_print_backtrace();
                die("</pre>");
-       }
+       } // END - if
+
        if ($run) {
                // Run SQL query (default)
                return SQL_QUERY($query, $file, $line);
@@ -258,13 +269,13 @@ function SQL_INSERTID() {
        return @mysql_insert_id();
 }
 // Escape a string for the database
-function SQL_ESCAPE($str, $secureString = true) {
+function SQL_ESCAPE($str, $secureString=true,$strip=true) {
        global $link;
 
        // Secure string first? (which is the default behaviour!)
        if ($secureString) {
                // Then do it here
-               $str = secureString($str);
+               $str = secureString($str, $strip);
        } // END - if
 
        if (!is_resource($link)) {
@@ -274,6 +285,7 @@ function SQL_ESCAPE($str, $secureString = true) {
 
        if (function_exists('mysql_real_escape_string')) {
                // The new and improved version
+               //* DEBUG: */ echo __FUNCTION__.":str={$str}<br />\n";
                return mysql_real_escape_string($str, $link);
        } elseif (function_exists('mysql_escape_string')) {
                // The obsulete function