From 07cdaafc715bf55126959f93bd79b51b3cadddce Mon Sep 17 00:00:00 2001
From: fantu <fantu@ispconfig3>
Date: Sun, 30 Nov 2008 16:38:29 -0500
Subject: [PATCH]
---
 server/lib/classes/db_mysql.inc.php | 34 +++++++++++++++++++++-------------
 1 files changed, 21 insertions(+), 13 deletions(-)
diff --git a/server/lib/classes/db_mysql.inc.php b/server/lib/classes/db_mysql.inc.php
index bc26ac5..0270821 100644
--- a/server/lib/classes/db_mysql.inc.php
+++ b/server/lib/classes/db_mysql.inc.php
@@ -29,18 +29,19 @@
 class db {
- var $dbHost = ""; // hostname of the MySQL server
- var $dbName = ""; // logical database name on that server
- var $dbUser = ""; // database authorized user
- var $dbPass = ""; // user's password
- var $linkId = 0; // last result of mysql_connect()
- var $queryId = 0; // last result of mysql_query()
- var $record = array(); // last record fetched
- var $autoCommit = 1; // Autocommit Transactions
- var $currentRow; // current row number
- var $errorNumber = 0; // last error number
- var $errorMessage = ""; // last error message
- var $errorLocation = "";// last error location
+ var $dbHost = ""; // hostname of the MySQL server
+ var $dbName = ""; // logical database name on that server
+ var $dbUser = ""; // database authorized user
+ var $dbPass = ""; // user's password
+ var $dbCharset = ""; // what charset comes and goes to mysql: utf8 / latin1
+ var $linkId = 0; // last result of mysql_connect()
+ var $queryId = 0; // last result of mysql_query()
+ var $record = array(); // last record fetched
+ var $autoCommit = 1; // Autocommit Transactions
+ var $currentRow; // current row number
+ var $errorNumber = 0; // last error number
+ var $errorMessage = ""; // last error message
+ var $errorLocation = ""; // last error location
 var $show_error_messages = false; // constructor
@@ -52,6 +53,7 @@
 $this->dbName = $conf["db_database"];
 $this->dbUser = $conf["db_user"];
 $this->dbPass = $conf["db_password"];
+ $this->dbCharset = $conf["db_charset"];
 //$this->connect();
 }
@@ -78,6 +80,7 @@
 $this->updateError('DB::connect()<br />mysql_connect');
 return false;
 }
+ $this->queryId = @mysql_query('SET NAMES '.$this->dbCharset, $this->linkId);
 }
 return true;
 }
@@ -163,7 +166,12 @@
 // Check der variablen
 function quote($formfield) {
- return addslashes($formfield);
+ if(!$this->connect()){
+ $this->updateError('WARNING: mysql_connect: Used addslashes instead of mysql_real_escape_string');
+ return addslashes($formfield);
+ }
+
+ return mysql_real_escape_string($formfield);
 }
 // Check der variablen
-- Gitblit v1.9.1
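Review bot: The `SET NAMES` query added after the mysql_connect error branch (hunk -78,6) changes the charset on the server side only; the client library is not told, so `mysql_real_escape_string()` in quote() keeps escaping for the connection's default charset and can mis-escape if `db_charset` is ever set to a multi-byte charset other than the utf8/latin1 named in the property comment. Where the PHP version provides it, `mysql_set_charset($this->dbCharset, $this->linkId)` sets both sides. The value is also concatenated into the statement unvalidated and is empty when `$conf["db_charset"]` is not set (hunk -52,6), which yields a malformed `SET NAMES `; skip the call for an empty value and restrict it to a known charset name. The `@` together with the assignment to `$this->queryId` hides a failure, so check the result and report it through `updateError()` as the mysql_connect branch does. The enclosing function starts outside the hunk.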
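Review bot: In quote() (hunk -163,7), `mysql_real_escape_string($formfield)` is called without a link identifier, so PHP falls back to the most recently opened MySQL link, which is not necessarily this object's connection when more than one db instance is in use; pass it explicitly, `return mysql_real_escape_string($formfield, $this->linkId);`. The failure branch also silently downgrades to `addslashes()`, which is not charset-aware, and the downgrade is only recorded through `updateError()`. Since no query can run without a connection anyway, failing closed there (for example returning `false` after `updateError()`) would be safer than handing back weakly escaped data, though the callers of quote() are outside this hunk and would need checking first.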