[eluser]tomodian[/eluser]
Hi. I think I found error in db class for mysql. (mysql_driver.php)
When I post my data, backslashes added automatically, and even though I use stripslashes(), it still adds backslashes.
To avoid this problem, I changed mysql_driver.php to below.
function escape_str($str)
{
if (function_exists('mysql_real_escape_string'))
{
return mysql_real_escape_string($str, $this->conn_id);
}
elseif (function_exists('mysql_escape_string'))
{
return mysql_escape_string($str);
}
else
{
return addslashes($str);
}
}
To
function escape_str($str)
{
/*
if (function_exists('mysql_real_escape_string'))
{
return mysql_real_escape_string($str, $this->conn_id);
}
elseif (function_exists('mysql_escape_string'))
{
return mysql_escape_string($str);
}
else
{
return addslashes($str);
}
*/
return $str;
}
Someone please tell me if this raises security problems.