diff --git a/abstraction.inc.php b/abstraction.inc.php
index e90819d6..162a995b 100644
--- a/abstraction.inc.php
+++ b/abstraction.inc.php
@@ -71,7 +71,7 @@ if (extension_loaded("mysqli")) {
return mysql_select_db($database, $this->_link);
}
- function real_escape_string($string) {
+ function escape_string($string) {
return mysql_real_escape_string($string, $this->_link);
}
}
diff --git a/create.inc.php b/create.inc.php
index 776401b5..9a0e7630 100644
--- a/create.inc.php
+++ b/create.inc.php
@@ -30,10 +30,10 @@ if ($_POST && !$error && !$_POST["add"]) {
. idf_escape($field["field"]) . " $field[type]"
. ($field["length"] ? "(" . (preg_match("~^\\s*(?:$length)(?:\\s*,\\s*(?:$length))*\\s*\$~", $field["length"]) && preg_match_all("~$length~", $field["length"], $matches) ? implode(",", $matches[0]) : intval($field["length"])) . ")" : "")
. (preg_match('~int|float|double|decimal~', $field["type"]) && in_array($field["unsigned"], $unsigned) ? " $field[unsigned]" : "")
- . (preg_match('~char|text|enum|set~', $field["type"]) && $field["collation"] ? " COLLATE '" . $mysql->real_escape_string($field["collation"]) . "'" : "")
+ . (preg_match('~char|text|enum|set~', $field["type"]) && $field["collation"] ? " COLLATE '" . $mysql->escape_string($field["collation"]) . "'" : "")
. ($field["null"] ? "" : " NOT NULL")
. ($key == $_POST["auto_increment"] ? " AUTO_INCREMENT$auto_increment_index" : "")
- . " COMMENT '" . $mysql->real_escape_string($field["comment"]) . "'"
+ . " COMMENT '" . $mysql->escape_string($field["comment"]) . "'"
. (strlen($_GET["create"]) && !strlen($field["orig"]) ? $after : "")
;
$after = "AFTER " . idf_escape($field["field"]);
@@ -41,9 +41,9 @@ if ($_POST && !$error && !$_POST["add"]) {
$fields[] = "DROP " . idf_escape($field["orig"]);
}
}
- $status = ($_POST["Engine"] ? " ENGINE='" . $mysql->real_escape_string($_POST["Engine"]) . "'" : "")
- . ($_POST["Collation"] ? " COLLATE '" . $mysql->real_escape_string($_POST["Collation"]) . "'" : "")
- . " COMMENT='" . $mysql->real_escape_string($_POST["Comment"]) . "'"
+ $status = ($_POST["Engine"] ? " ENGINE='" . $mysql->escape_string($_POST["Engine"]) . "'" : "")
+ . ($_POST["Collation"] ? " COLLATE '" . $mysql->escape_string($_POST["Collation"]) . "'" : "")
+ . " COMMENT='" . $mysql->escape_string($_POST["Comment"]) . "'"
;
if (strlen($_GET["create"])) {
$query = "ALTER TABLE " . idf_escape($_GET["create"]) . " " . implode(", ", $fields) . ", RENAME TO " . idf_escape($_POST["name"]) . ", $status";
@@ -73,7 +73,7 @@ if ($_POST) {
$row["fields"][$row["auto_increment"]]["auto_increment"] = true;
}
} elseif (strlen($_GET["create"])) {
- $result = $mysql->query("SHOW TABLE STATUS LIKE '" . $mysql->real_escape_string($_GET["create"]) . "'");
+ $result = $mysql->query("SHOW TABLE STATUS LIKE '" . $mysql->escape_string($_GET["create"]) . "'");
$row = $result->fetch_assoc();
$row["name"] = $_GET["create"];
$row["fields"] = array_values(fields($_GET["create"]));
diff --git a/database.inc.php b/database.inc.php
index e42e7054..d63a8f87 100644
--- a/database.inc.php
+++ b/database.inc.php
@@ -5,7 +5,7 @@ if ($_POST && !$error) {
redirect(substr(preg_replace('~(\\?)db=[^&]*&|&db=[^&]*~', '\\1', $SELF), 0, -1), lang('Database has been dropped.'));
}
} elseif ($_GET["db"] !== $_POST["name"]) {
- if ($mysql->query("CREATE DATABASE " . idf_escape($_POST["name"]) . ($_POST["collation"] ? " COLLATE '" . $mysql->real_escape_string($_POST["collation"]) . "'" : ""))) {
+ if ($mysql->query("CREATE DATABASE " . idf_escape($_POST["name"]) . ($_POST["collation"] ? " COLLATE '" . $mysql->escape_string($_POST["collation"]) . "'" : ""))) {
if (!strlen($_GET["db"])) {
redirect(preg_replace('~(\\?)db=[^&]*&|&db=[^&]*~', '\\1', $SELF) . "db=" . urlencode($_POST["name"]), lang('Database has been created.'));
}
@@ -21,7 +21,7 @@ if ($_POST && !$error) {
redirect(preg_replace('~(\\?)db=[^&]*&|&db=[^&]*~', '\\1', $SELF) . "db=" . urlencode($_POST["name"]), lang('Database has been renamed.'));
}
}
- } elseif (!$_POST["collation"] || $mysql->query("ALTER DATABASE " . idf_escape($_POST["name"]) . " COLLATE '" . $mysql->real_escape_string($_POST["collation"]) . "'")) {
+ } elseif (!$_POST["collation"] || $mysql->query("ALTER DATABASE " . idf_escape($_POST["name"]) . " COLLATE '" . $mysql->escape_string($_POST["collation"]) . "'")) {
redirect(substr($SELF, 0, -1), ($_POST["collation"] ? lang('Database has been altered.') : null));
}
$error = $mysql->error;
diff --git a/functions.inc.php b/functions.inc.php
index 8ae44956..14b84759 100644
--- a/functions.inc.php
+++ b/functions.inc.php
@@ -108,7 +108,7 @@ function where() {
global $mysql;
$return = array();
foreach ((array) $_GET["where"] as $key => $val) {
- $return[] = idf_escape(bracket_escape($key, "back")) . " = BINARY '" . $mysql->real_escape_string($val) . "'"; //! enum and set
+ $return[] = idf_escape(bracket_escape($key, "back")) . " = BINARY '" . $mysql->escape_string($val) . "'"; //! enum and set
}
foreach ((array) $_GET["null"] as $key) {
$return[] = idf_escape(bracket_escape($key, "back")) . " IS NULL";
@@ -294,7 +294,7 @@ function process_input($name, $field) {
if (preg_match('~char|text|set|binary|blob~', $field["type"]) ? $_POST["null"][$name] : !strlen($return)) {
$return = "NULL";
} elseif ($field["type"] == "enum") {
- $return = (isset($_GET["default"]) ? "'" . $mysql->real_escape_string($return) . "'" : intval($return));
+ $return = (isset($_GET["default"]) ? "'" . $mysql->escape_string($return) . "'" : intval($return));
} elseif ($field["type"] == "set") {
$return = (isset($_GET["default"]) ? "'" . implode(",", array_map(array($mysql, 'real_escape_string'), (array) $return)) . "'" : array_sum((array) $return));
} elseif (preg_match('~binary|blob~', $field["type"])) {
@@ -302,9 +302,9 @@ function process_input($name, $field) {
if (!is_string($file) && !$field["null"]) {
return false; //! report errors, also empty $_POST (too big POST data, not only FILES)
}
- $return = "_binary'" . (is_string($file) ? $mysql->real_escape_string($file) : "") . "'";
+ $return = "_binary'" . (is_string($file) ? $mysql->escape_string($file) : "") . "'";
} else {
- $return = "'" . $mysql->real_escape_string($return) . "'";
+ $return = "'" . $mysql->escape_string($return) . "'";
}
return $return;
}
diff --git a/index.php b/index.php
index d355f39a..c11dd0c1 100644
--- a/index.php
+++ b/index.php
@@ -51,7 +51,7 @@ if (isset($_GET["dump"])) {
page_header(htmlspecialchars(lang('Database') . ": " . $_GET["db"]));
echo '' . lang('Alter database') . "
\n";
if ($mysql->server_info >= 5) {
- $result = $mysql->query("SELECT * FROM information_schema.ROUTINES WHERE ROUTINE_SCHEMA = '" . $mysql->real_escape_string($_GET["db"]) . "'");
+ $result = $mysql->query("SELECT * FROM information_schema.ROUTINES WHERE ROUTINE_SCHEMA = '" . $mysql->escape_string($_GET["db"]) . "'");
if ($result->num_rows) {
echo "" . lang('Routines') . "
\n";
echo "\n";
diff --git a/select.inc.php b/select.inc.php
index 4570bbb3..5496b053 100644
--- a/select.inc.php
+++ b/select.inc.php
@@ -30,7 +30,7 @@ if (!$columns) {
foreach ($indexes as $i => $index) {
if ($index["type"] == "FULLTEXT") {
if (strlen($_GET["fulltext"][$i])) {
- $where[] = "MATCH (" . implode(", ", array_map('idf_escape', $index["columns"])) . ") AGAINST ('" . $mysql->real_escape_string($_GET["fulltext"][$i]) . "'" . (isset($_GET["boolean"][$i]) ? " IN BOOLEAN MODE" : "") . ")";
+ $where[] = "MATCH (" . implode(", ", array_map('idf_escape', $index["columns"])) . ") AGAINST ('" . $mysql->escape_string($_GET["fulltext"][$i]) . "'" . (isset($_GET["boolean"][$i]) ? " IN BOOLEAN MODE" : "") . ")";
}
echo "(" . implode(", ", $index["columns"]) . ") AGAINST";
echo ' ';
@@ -42,7 +42,7 @@ if (!$columns) {
$i = 0;
foreach ((array) $_GET["where"] as $val) {
if (strlen($val["col"]) && in_array($val["op"], $operators)) {
- $where[] = idf_escape($val["col"]) . " $val[op]" . ($val["op"] != "IS NULL" ? " '" . $mysql->real_escape_string($val["val"]) . "'" : "");
+ $where[] = idf_escape($val["col"]) . " $val[op]" . ($val["op"] != "IS NULL" ? " '" . $mysql->escape_string($val["val"]) . "'" : "");
echo "";
echo "";
echo "
\n";
@@ -104,7 +104,7 @@ for (var i=0; > i; i++) {
$childs = array();
if ($mysql->server_info >= 5) {
// would be possible in earlier versions too, but only by examining all tables (in all databases)
- $result1 = $mysql->query("SELECT * FROM information_schema.KEY_COLUMN_USAGE WHERE REFERENCED_TABLE_SCHEMA = '" . $mysql->real_escape_string($_GET["db"]) . "' AND REFERENCED_TABLE_NAME = '" . $mysql->real_escape_string($_GET["select"]) . "' ORDER BY ORDINAL_POSITION");
+ $result1 = $mysql->query("SELECT * FROM information_schema.KEY_COLUMN_USAGE WHERE REFERENCED_TABLE_SCHEMA = '" . $mysql->escape_string($_GET["db"]) . "' AND REFERENCED_TABLE_NAME = '" . $mysql->escape_string($_GET["select"]) . "' ORDER BY ORDINAL_POSITION");
while ($row1 = $result1->fetch_assoc()) {
$childs[$row1["CONSTRAINT_NAME"]][0] = $row1["TABLE_SCHEMA"];
$childs[$row1["CONSTRAINT_NAME"]][1] = $row1["TABLE_NAME"];
diff --git a/table.inc.php b/table.inc.php
index d75c520d..b487291d 100644
--- a/table.inc.php
+++ b/table.inc.php
@@ -45,7 +45,7 @@ if (!$result) {
}
if ($mysql->server_info >= 5) {
- $result = $mysql->query("SHOW TRIGGERS LIKE '" . $mysql->real_escape_string($_GET["table"]) . "'");
+ $result = $mysql->query("SHOW TRIGGERS LIKE '" . $mysql->escape_string($_GET["table"]) . "'");
if ($result->num_rows) {
echo "" . lang('Triggers') . "
\n";
echo "