mysql_escape_string deprecated and replaced by mysql_real_escape_string

buildSQLInsert fixed when specifying table name

git-svn-id: svn://presbrey.mit.edu/php/lib@113 a142d4bd-2cfb-0310-9673-cb33a7e74f58

diff --git a/lib/joe/joe.lib.php b/lib/joe/joe.lib.php
index dffb0df346513b609b716774770accef27126833..93bfc219bf5ab8e69f0b5ffefa34c7e721a34289 100644 (file)
--- a/lib/joe/joe.lib.php
+++ b/lib/joe/joe.lib.php
@@ -124,7 +124,7 @@ function buildSQLSet($fields, $values=null) {
     if (!is_null($values)) {
         foreach($fields as $field) {
             if ($c++) $sql .= ',';
-            $sql .= " `$field`='".mysql_escape_string(array_shift($values))."'";
+            $sql .= " `$field`='".mysql_real_escape_string(array_shift($values))."'";
         }
     } else {
         foreach($fields as $field=>$value) {
@@ -132,7 +132,7 @@ function buildSQLSet($fields, $values=null) {
             if (in_array($value,$ex)) {
                 $sql .= " `$field`= $value";
             } else {
-                $sql .= " `$field`='".mysql_escape_string($value)."'";
+                $sql .= " `$field`='".mysql_real_escape_string($value)."'";
             }
         }
     }
@@ -150,7 +150,7 @@ function buildSQLInsert($array, $table=null) {
     $sql .= ') VALUES (';
     $c = 0;
        foreach($array as $field=>$value) {
-        $v = mysql_escape_string($value);
+        $v = mysql_real_escape_string($value);
         if ($c++) $sql .= ',';
         if (in_array($v, $ex))
             $sql .= " $v ";
@@ -158,7 +158,7 @@ function buildSQLInsert($array, $table=null) {
             $sql .= " '$v' ";
     }
     $sql .= ')';
-    return (is_null($table)?$sql:('INSERT INTO `'.$table.'` '.$table));
+    return (is_null($table)?$sql:('INSERT INTO `'.$table.'` '.$sql));
 }
 
 function build_str($query_array) {