From 3fd9e3cbef1e93f0dc74c351a59675e90907d510 Mon Sep 17 00:00:00 2001
From: Joe Presbrey <presbrey@mit.edu>
Date: Sun, 29 Oct 2006 02:06:16 +0000
Subject: [PATCH] mysql_escape_string deprecated and replaced by
 mysql_real_escape_string buildSQLInsert fixed when specifying table name

git-svn-id: svn://presbrey.mit.edu/php/lib@113 a142d4bd-2cfb-0310-9673-cb33a7e74f58
---
 lib/joe/joe.lib.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/lib/joe/joe.lib.php b/lib/joe/joe.lib.php
index dffb0df..93bfc21 100644
--- a/lib/joe/joe.lib.php
+++ b/lib/joe/joe.lib.php
@@ -124,7 +124,7 @@ function buildSQLSet($fields, $values=null) {
     if (!is_null($values)) {
         foreach($fields as $field) {
             if ($c++) $sql .= ',';
-            $sql .= " `$field`='".mysql_escape_string(array_shift($values))."'";
+            $sql .= " `$field`='".mysql_real_escape_string(array_shift($values))."'";
         }
     } else {
         foreach($fields as $field=>$value) {
@@ -132,7 +132,7 @@ function buildSQLSet($fields, $values=null) {
             if (in_array($value,$ex)) {
                 $sql .= " `$field`= $value";
             } else {
-                $sql .= " `$field`='".mysql_escape_string($value)."'";
+                $sql .= " `$field`='".mysql_real_escape_string($value)."'";
             }
         }
     }
@@ -150,7 +150,7 @@ function buildSQLInsert($array, $table=null) {
     $sql .= ') VALUES (';
     $c = 0;
        foreach($array as $field=>$value) {
-        $v = mysql_escape_string($value);
+        $v = mysql_real_escape_string($value);
         if ($c++) $sql .= ',';
         if (in_array($v, $ex))
             $sql .= " $v ";
@@ -158,7 +158,7 @@ function buildSQLInsert($array, $table=null) {
             $sql .= " '$v' ";
     }
     $sql .= ')';
-    return (is_null($table)?$sql:('INSERT INTO `'.$table.'` '.$table));
+    return (is_null($table)?$sql:('INSERT INTO `'.$table.'` '.$sql));
 }
 
 function build_str($query_array) {
-- 
2.45.0