X-Git-Url: https://git.mxchange.org/?p=mailer.git;a=blobdiff_plain;f=inc%2Fdb%2Flib-mysql3.php;h=afdf53ec76fbeb838e92e6f756b8476663c483ad;hp=9b42362a0f5336f7dfcd4e764992e4bdb85114d1;hb=fb2e318a47ed99236c9fa63ab94e0c91e805c649;hpb=13c15f245f4635042918d1986a89910b676aae04

diff --git a/inc/db/lib-mysql3.php b/inc/db/lib-mysql3.php
index 9b42362a0f..afdf53ec76 100644
--- a/inc/db/lib-mysql3.php
+++ b/inc/db/lib-mysql3.php
@@ -38,7 +38,7 @@ if (!defined('__SECURITY')) {
 }
 
 // SQL queries
-function SQL_QUERY($sql_string, $F, $L) {
+function SQL_QUERY ($sql_string, $F, $L) {
 	global $link, $CSS, $_CONFIG, $OK;
 
 	// Remove \t, \n and \r from queries they may confuse some MySQL version I have heard
@@ -51,18 +51,18 @@ function SQL_QUERY($sql_string, $F, $L) {
 	//* DEBUG: */ echo $sql_string."<br />\n";
 	$result = @mysql_query($sql_string, $link)
 	 or ADD_FATAL($F." (".$L."):".mysql_error()."<br />
-".MYSQL_QUERY_STRING."<br />
+Query string:<br />
 ".$sql_string);
 
-	// Save last successfull query
-	$_CONFIG['db_last_query'] = $sql_string;
-
 	// Ending time
 	$querytimeAfter = array_sum(explode(' ', microtime()));
 
 	// Calculate query time
 	$queryTime = $querytimeAfter - $querytimeBefore;
 
+	// Save last successfull query
+	$_CONFIG['db_last_query'] = $sql_string;
+
 	// Count this query
 	if (!isset($_CONFIG['sql_count'])) $_CONFIG['sql_count'] = 0;
 	$_CONFIG['sql_count']++;
@@ -197,11 +197,11 @@ function SQL_CLOSE(&$link, $F, $L) {
 		// Skip double close
 		return false;
 	} // END - if
-
-	// Add new hits
-	$_CONFIG['db_hits'] += $_CONFIG['db_hits_run'];
 	//* DEBUG: */ echo "DB=".$_CONFIG['db_hits'].",CACHE=".$_CONFIG['cache_hits']."<br />\n";
 	if ((GET_EXT_VERSION("cache") >= "0.0.7") && (isset($_CONFIG['db_hits'])) && (isset($_CONFIG['cache_hits'])) && (is_object($cacheInstance))) {
+		// Add new hits
+		$_CONFIG['db_hits'] += $_CONFIG['db_hits_run'];
+
 		// Update counter for db/cache
 		UPDATE_CONFIG(array("db_hits", "cache_hits"), array(bigintval($_CONFIG['db_hits']), bigintval($_CONFIG['cache_hits'])));
 	} // END - if
@@ -213,21 +213,29 @@ function SQL_CLOSE(&$link, $F, $L) {
 }
 // SQL free result
 function SQL_FREERESULT($result) {
+	if (!is_resource($result)) {
+		// Abort here
+		return false;
+	} // END - if
+
 	$res = @mysql_free_result($result);
 	return $res;
 }
 // SQL string escaping
 function SQL_QUERY_ESC($qstring, $data, $file, $line, $run=true, $strip=true) {
 	global $link;
+
+	if ($strip) {
+		$strip = "true";
+	} else {
+		$strip = "false";
+	}
+
 	$query = "";
 	$eval = "\$query = sprintf(\"".$qstring."\"";
 	foreach ($data as $var) {
 		if ((!empty($var)) || ($var === 0)) {
-			if ($strip) {
-				$eval .= ", SQL_ESCAPE(\"".strip_tags($var)."\")";
-			} else {
-				$eval .= ", SQL_ESCAPE(\"".$var."\")";
-			}
+			$eval .= ", SQL_ESCAPE(\"".$var."\",true,".$strip.")";
 		} else {
 			$eval .= ", ''";
 		}
@@ -236,15 +244,21 @@ function SQL_QUERY_ESC($qstring, $data, $file, $line, $run=true, $strip=true) {
 	//
 	// Debugging
 	//
-	//$fp = fopen(PATH."inc/cache/escape_debug.log", 'a') or mxchange_die("Cannot write debug.log!");
-	//fwrite($fp, $file."(".$line."): ".str_replace("\r", "", str_replace("\n", " ", $eval))."\n");
-	//fclose($fp);
+	//* DEBUG: */ $fp = fopen(PATH."inc/cache/escape_debug.log", 'a') or mxchange_die("Cannot write debug.log!");
+	//* DEBUG: */ fwrite($fp, $file."(".$line."): ".str_replace("\r", "", str_replace("\n", " ", $eval))."\n");
+	//* DEBUG: */ fclose($fp);
+
+	// Run the code
 	@eval($eval);
+
+	// Was the eval() command fine?
 	if (empty($query)) {
+		// Something went wrong?
 		print "eval=".htmlentities($eval)."<pre>";
 		debug_print_backtrace();
 		die("</pre>");
-	}
+	} // END - if
+
 	if ($run) {
 		// Run SQL query (default)
 		return SQL_QUERY($query, $file, $line);
@@ -258,13 +272,13 @@ function SQL_INSERTID() {
 	return @mysql_insert_id();
 }
 // Escape a string for the database
-function SQL_ESCAPE($str, $secureString = true) {
+function SQL_ESCAPE($str, $secureString=true,$strip=true) {
 	global $link;
 
 	// Secure string first? (which is the default behaviour!)
 	if ($secureString) {
 		// Then do it here
-		$str = secureString($str);
+		$str = secureString($str, $strip);
 	} // END - if
 
 	if (!is_resource($link)) {
@@ -274,9 +288,10 @@ function SQL_ESCAPE($str, $secureString = true) {
 
 	if (function_exists('mysql_real_escape_string')) {
 		// The new and improved version
+		//* DEBUG: */ print __FUNCTION__."(<font color=\"#0000aa\">".__LINE__."</font>):str={$str}<br />\n";
 		return mysql_real_escape_string($str, $link);
 	} elseif (function_exists('mysql_escape_string')) {
-		// The obsulete function
+		// The obsolete function
 		return mysql_escape_string($str, $link);
 	} else {
 		// If nothing else works