Details
-
Improvement
-
Resolution: Fixed
-
Medium
-
None
-
None
Description
eZMySQLiDB::escapeString() returns an unescaped string if no connection is made.
mysql_escape_string() can be used in this case. Although not so secure, better than no escaping at all!