From a4d45d783771d2926d3a14b5d61e8f742d779ccc Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Thu, 24 Feb 2011 18:43:45 +0000
Subject: [PATCH] Fix: compatibility with pgsql, replace all addslashes in particular files
---
 htdocs/adherents/fiche.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/htdocs/adherents/fiche.php b/htdocs/adherents/fiche.php
index cd6d68254ea..a662d4241d6 100644
--- a/htdocs/adherents/fiche.php
+++ b/htdocs/adherents/fiche.php
@@ -250,9 +250,9 @@ if ($_REQUEST["action"] == 'update' && ! $_POST["cancel"] && $user->rights->adhe
 {
 if (preg_match("/^options_/",$key))
 {
- //escape values from POST, at least with addslashes, to avoid obvious SQL injections
+ //escape values from POST, at least with $db->escape, to avoid obvious SQL injections
 //(array_options is directly input in the DB in adherent.class.php::update())
- $adh->array_options[$key]=addslashes($_POST[$key]);
+ $adh->array_options[$key]=$db->escape($_POST[$key]);
 }
 }
@@ -380,9 +380,9 @@ if ($_POST["action"] == 'add' && $user->rights->adherent->creer)
 {
 if (preg_match("/^options_/",$key))
 {
- //escape values from POST, at least with addslashes, to avoid obvious SQL injections
+ //escape values from POST, at least with $db->escape, to avoid obvious SQL injections
 //(array_options is directly input in the DB in adherent.class.php::update())
- $adh->array_options[$key]=addslashes($_POST[$key]);
+ $adh->array_options[$key]=$db->escape($_POST[$key]);
 }
 }
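Review bot: The key filter `preg_match("/^options_/",$key)` checks only the prefix, so any POST field name that begins with `options_` is accepted as an `array_options` key while only its value goes through `$db->escape()`; this applies to the `update` hunk and equally to the `add` hunk at line 380. The comment in the hunk says array_options is written directly to the database in adherent.class.php::update(), which is not visible here, so if the key ends up as a column name there it needs its own validation, for example `if (preg_match('/^options_[a-zA-Z0-9_]+$/',$key))` or a lookup against the defined extra fields. `$db->escape()` also protects a value only when it is placed inside a quoted SQL string literal, so the escaping is better applied where the query is built than on the request value, which also avoids double escaping if the class escapes again. The enclosing loop over `$_POST` starts outside both hunks.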