// Debug output
//* DEBUG: */ print "Query=<pre>".$sql_string."</pre>, affected=<b>".SQL_AFFECTEDROWS()."</b>, numrows=<b>".SQL_NUMROWS($result)."</b><br />\n";
- if (($CSS != "1") && ($CSS != "-1") && (isBooleanConstantAndTrue('DEBUG_MODE')) && (DEBUG_SQL)) {
+ if (($CSS != "1") && ($CSS != "-1") && (isBooleanConstantAndTrue('DEBUG_MODE')) && (isBooleanConstantAndTrue('DEBUG_SQL'))) {
//
// Debugging stuff...
//
global $_CONFIG, $cacheInstance, $cacheArray;
if ((GET_EXT_VERSION("cache") >= "0.0.7") && (isset($_CONFIG['db_hits'])) && (isset($_CONFIG['cache_hits'])) && (is_object($cacheInstance))) {
// Update counter for db/cache
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET db_hits=%d, cache_hits=%d WHERE config=0 LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_config SET db_hits=%s, cache_hits=%s WHERE config=0 LIMIT 1",
array(bigintval($_CONFIG['db_hits']), bigintval($_CONFIG['cache_hits'])), __FILE__, __LINE__);
// Update cache here
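Review bot: With `%d` replaced by `%s` in the UPDATE template, the format string no longer forces an integer, so the unquoted `db_hits` and `cache_hits` values are only as safe as what `bigintval()` returns. bigintval() is not visible here; if it can ever return something other than a plain digit string, that text now reaches the statement unchanged, subject to whatever SQL_QUERY_ESC does to each argument, which is also outside this hunk. I would state the dependency next to the call, e.g. `// %s instead of %d keeps large counters intact; bigintval() must return digits only`. The same applies to the `WHERE ".$idRow."=%s` change in SQL_RESULT_FROM_ARRAY. The enclosing function starts before this hunk.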
return @mysql_insert_id();
}
// Escape a string for the database
-function SQL_ESCAPE($str) {
+function SQL_ESCAPE($str, $secureString = true) {
global $link;
+ // Secure string first? (which is the default behaviour!)
+ if ($secureString) {
+ // Then do it here
+ $str = secureString($str);
+ } // END - if
+
if (!is_resource($link)) {
// Fall-back to addslashes() when there is no link
return addslashes($str);
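Review bot: Defaulting `$secureString` to true means every existing SQL_ESCAPE() call now runs its value through secureString() before escaping, which changes what gets stored for callers written against the old one-argument behaviour. secureString() is not shown, so I cannot tell what it strips or rewrites; if it alters markup or whitespace, fields that legitimately hold such content will need `false` passed explicitly. Please document the parameter on the function, e.g. `// $secureString: run secureString() on the value before escaping (default); pass false only for values that must be stored unmodified`. The function body continues past the end of the hunk, so the escaping path with a live `$link` is not visible here.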
// SELECT query string from table, columns and so on... ;-)
function SQL_RESULT_FROM_ARRAY ($table, $columns, $idRow, $id) {
// Prepare the SQL statement
- $SQL = "SELECT ".implode(", ", $columns)." FROM "._MYSQL_PREFIX."_".$table." WHERE ".$idRow."=%d LIMIT 1";
+ $SQL = "SELECT ".implode(", ", $columns)." FROM "._MYSQL_PREFIX."_".$table." WHERE ".$idRow."=%s LIMIT 1";
// Return the result
return SQL_QUERY_ESC($SQL, array(bigintval($id)), __FILE__, __LINE__);
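Review bot: The rewritten `$SQL` line still concatenates `$table`, `$idRow` and the imploded `$columns` straight into the statement; only `$id` is handed over through SQL_QUERY_ESC's argument array. Those three are identifiers, which value escaping does not protect, so the function is safe only while every caller passes fixed names. A header comment should say so, e.g. `// $table, $columns and $idRow are inserted unescaped; pass constant identifiers only, never request data`. The function's closing brace is outside the hunk.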