From 3f7ceab4a88f6c69cbf242e4854d3702def9a1cf Mon Sep 17 00:00:00 2001 From: Etienne Kneuss Date: Wed, 18 Apr 2007 16:07:17 +0000 Subject: [PATCH] Take magic_quotes_sybase in account (Thanks arpad for the hint) git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@234042 c90b9560-bf6c-de11-be94-00142212c4b1 --- .../mysql/functions/mysql-real-escape-string.xml | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/reference/mysql/functions/mysql-real-escape-string.xml b/reference/mysql/functions/mysql-real-escape-string.xml index 20eb5448f9..3428ffa00c 100644 --- a/reference/mysql/functions/mysql-real-escape-string.xml +++ b/reference/mysql/functions/mysql-real-escape-string.xml @@ -1,5 +1,5 @@ - + mysql_real_escape_string @@ -134,18 +134,23 @@ if (isset($_POST['product_name']) && isset($_POST['product_description']) && iss } else { - // Reverse magic_quotes_gpc effects on those vars if ON. + // Reverse magic_quotes_gpc/magic_quotes_sybase effects on those vars if ON. if(get_magic_quotes_gpc()) { - $product_name = stripslashes($_POST['product_name']); - $product_description = stripslashes($_POST['product_description']); + if(ini_get('magic_quotes_sybase')) { + $product_name = str_replace("''", "'", $_POST['product_name']); + $product_description = str_replace("''", "'", $_POST['product_description']); + } else { + $product_name = stripslashes($_POST['product_name']); + $product_description = stripslashes($_POST['product_description']); + } } else { $product_name = $_POST['product_name']; $product_description = $_POST['product_description']; } // Make a safe query - $query = sprintf("INSERT INTO products (`name`, `description`, `user_id`) VALUES ('%s', '%s', '%d')", + $query = sprintf("INSERT INTO products (`name`, `description`, `user_id`) VALUES ('%s', '%s', %d)", mysql_real_escape_string($product_name, $link), mysql_real_escape_string($product_description, $link), $_POST['user_id']);