diff --git a/core/Convert.php b/core/Convert.php
index f3c2eead6..ef40e00cf 100755
--- a/core/Convert.php
+++ b/core/Convert.php
@@ -104,9 +104,8 @@ class Convert extends Object {
 if(is_array($val)) {
 foreach($val as $k => $v) $val[$k] = self::raw2sql($v);
 return $val;
-
 } else {
- return addslashes($val);
+ return DB::getConn()->addslashes($val);
 }
 }
diff --git a/core/model/Database.php b/core/model/Database.php
index bd7f96a16..a367af82e 100755
--- a/core/model/Database.php
+++ b/core/model/Database.php
@@ -111,6 +111,14 @@ abstract class Database extends Object {
 */
 protected abstract function tableList();
+ /**
+ * Returns an escaped string.
+ *
+ * @param string
+ * @return string - escaped string
+ */
+ abstract function addslashes($val);
+
 /**
 * The table list, generated by the tableList() function.
 * Used by the requireTable() function.
diff --git a/core/model/MySQLDatabase.php b/core/model/MySQLDatabase.php
index 894e4883e..e0815634e 100644
--- a/core/model/MySQLDatabase.php
+++ b/core/model/MySQLDatabase.php
@@ -400,6 +400,13 @@ class MySQLDatabase extends Database {
 user_error($msg, $errorLevel);
 }
+
+ /*
+ * This will return text which has been escaped in a database-friendly manner.
+ */
+ function addslashes($value){
+ return mysql_real_escape_string($value, $this->dbConn);
+ }
 }
 /**
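Review bot: In core/Convert.php the scalar branch of raw2sql() now dereferences `DB::getConn()` on every call, so escaping depends on a live connection where the old built-in `addslashes()` did not. If `DB::getConn()` can return null before a connection is configured (its body is not visible here), the call ends in a fatal error instead of an escaped value; a guard such as `if(!DB::getConn()) user_error('raw2sql() called before a database connection exists', E_USER_ERROR);` would fail with a clear message. The method's docblock should also state that the result is only safe inside a quoted SQL string literal and that array keys are passed through unescaped. The body of raw2sql() starts outside the hunk.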
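Review bot: The docblock on the new abstract `addslashes($val)` in core/model/Database.php does not state the contract that driver implementations must meet: `@param string` names no parameter and "escaped string" does not say escaped for which context. I would write `@param string $val Raw value to escape` and describe the method as escaping a value for embedding inside a quoted string literal in the driver's SQL dialect, not adding the quotes itself, and not being suitable for identifiers or unquoted numbers. The name shadows PHP's built-in `addslashes()` with different semantics, which the docblock should mention. The declaration also has no visibility keyword while the neighbouring `tableList()` is `protected abstract`; `public abstract function addslashes($val);` makes the intent explicit.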
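Review bot: `mysql_real_escape_string($value, $this->dbConn)` in MySQLDatabase::addslashes() escapes according to the character set the client library has recorded for the connection, which `mysql_set_charset()` updates but a `SET NAMES` query does not. If this class sets its charset with a query (the connection setup is outside the hunk), escaping and server-side parsing can disagree for multibyte encodings. The function also returns `false` on failure, which would be interpolated into SQL as an empty string, so I would check it: `$escaped = mysql_real_escape_string($value, $this->dbConn); if($escaped === false) user_error('Could not escape value for MySQL', E_USER_ERROR); return $escaped;`. The comment opens with `/*` rather than `/**`, so documentation tools will not attach it to the method.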