Change all the PHP code to use _mysql_query() instead of mysql_query()
(and similar for other functions).
_mysql_query() uses the mysqli API if available, else the old API.
Going forward, all PHP code should the DB abstration layer if possible;
else it should use the _mysql_* functions.
1) it's not correct to apply stripslashes() to all form input.
That should be done only if magic quotes is on.
I fixed this by adding a function undo_magic_quotes()
that does the right thing.
2) There's no reason to strip backslashes from user-supplied text
(forum titles and bodies, private messages, passwords etc.)
I'm not sure why this was being done.
It prevented messages from containing backslashes.
svn path=/trunk/boinc/; revision=15364
- Do not limit donations to integer amounts;
- Use PayPal with https;
- (Hopefully) fix PayPal Instant Payment Notification.
svn path=/trunk/boinc/; revision=12789
David Anderson