From f9d973389b7572280d35530342b5037cb42ae5c6 Mon Sep 17 00:00:00 2001
From: SecretR <secretr@e107.org>
Date: Thu, 13 Dec 2012 15:47:48 +0200
Subject: [PATCH] extra escape string added

---
 e107_handlers/mysql_class.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/e107_handlers/mysql_class.php b/e107_handlers/mysql_class.php
index 8f3c8da20..b9a854a6e 100644
--- a/e107_handlers/mysql_class.php
+++ b/e107_handlers/mysql_class.php
@@ -825,7 +825,8 @@ class e_db_mysql
 
 			case 'str':
 			case 'string':
-				return "'{$fieldValue}'";
+				//return "'{$fieldValue}'";
+				return "'".$this->escape($fieldValue, false)."'";
 				break;
 
 			case 'float':
@@ -838,7 +839,8 @@ class e_db_mysql
 			break;
 
 			case 'null':
-				return ($fieldValue && $fieldValue !== 'NULL' ? "'{$fieldValue}'" : 'NULL');
+				//return ($fieldValue && $fieldValue !== 'NULL' ? "'{$fieldValue}'" : 'NULL');
+				return ($fieldValue && $fieldValue !== 'NULL' ? "'".$this->escape($fieldValue, false)."'" : 'NULL');
 				break;
 
 			case 'escape':