db_escape_string: remove tags by default (refs #323)

author: Andrew Dolgov <[email protected]> 2011-02-19 16:55:36 +0300
committer: Andrew Dolgov <[email protected]> 2011-02-19 16:55:36 +0300
commit: c7a8deacd97242e33a1d4111ccd1da6810d28255 (patch)
tree: 5fc930eebd1d3cbc3fc0ec8876420d73ccf1e971 /db.php
parent: 685352116602e42b23484119f1fde5c6b7fef594 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/db.php b/db.php
index 844bd0e41..9b1ce5d84 100644
--- a/db.php
+++ b/db.php
@@ -41,7 +41,9 @@ function db_connect($host, $user, $pass, $db) {
 	}
 }
 
-function db_escape_string($s) {
+function db_escape_string($s, $strip_tags = true) {
+	if ($strip_tags) $s = strip_tags($s);
+
 	if (DB_TYPE == "pgsql") {	
 		return pg_escape_string($s);
 	} else {
author	Andrew Dolgov <[email protected]>	2011-02-19 16:55:36 +0300
committer	Andrew Dolgov <[email protected]>	2011-02-19 16:55:36 +0300
commit	c7a8deacd97242e33a1d4111ccd1da6810d28255 (patch)
tree	5fc930eebd1d3cbc3fc0ec8876420d73ccf1e971 /db.php
parent	685352116602e42b23484119f1fde5c6b7fef594 (diff)