From faf71c5f3ef8823328f4f98e4562744ff04632ee Mon Sep 17 00:00:00 2001 From: Damien Regad Date: Mon, 25 Jan 2021 01:52:20 +0100 Subject: Remove all magic quotes related code The $magic_quote parameter for public methods was kept for backwards compatibility purposes, but is no longer used. Fixes #674 --- drivers/adodb-pdo.inc.php | 26 ++++++++++++-------------- 1 file changed, 12 insertions(+), 14 deletions(-) (limited to 'drivers/adodb-pdo.inc.php') diff --git a/drivers/adodb-pdo.inc.php b/drivers/adodb-pdo.inc.php index 4dab4884..6ceddb14 100644 --- a/drivers/adodb-pdo.inc.php +++ b/drivers/adodb-pdo.inc.php @@ -618,25 +618,23 @@ class ADODB_pdo extends ADOConnection { /** * Quotes a string to be sent to the database. + * * If we have an active connection, delegates quoting to the underlying - * PDO object. Otherwise, replace "'" by the value of $replaceQuote (same - * behavior as mysqli driver) - * @param string $s The string to quote - * @param boolean $magic_quotes If false, use PDO::quote(). + * PDO object PDO::quote(). Otherwise, replace "'" by the value of + * $replaceQuote (same behavior as mysqli driver). + * + * @param string $s The string to quote + * @param bool $magic_quotes This param is not used since 5.21.0. + * It remains for backwards compatibility. + * * @return string Quoted string */ - function qstr($s, $magic_quotes = false) + function qStr($s, $magic_quotes = false) { - if (!$magic_quotes) { - if ($this->_connectionID) { - return $this->_connectionID->quote($s); - } - return "'" . str_replace("'", $this->replaceQuote, $s) . "'"; + if ($this->_connectionID) { + return $this->_connectionID->quote($s); } - - // undo magic quotes for " - $s = str_replace('\\"', '"', $s); - return "'$s'"; + return "'" . str_replace("'", $this->replaceQuote, $s) . "'"; } } -- cgit v1.3