should fix #1364 and added relevant unit test cases for this bug (yeah for unit tests)

git-svn-id: http://code.elgg.org/elgg/trunk@3676 36083f99-b078-4883-b0ff-0f9b5a30f544
author: cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544> 2009-11-13 02:32:46 +0000
committer: cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544> 2009-11-13 02:32:46 +0000
commit: b080fd96052b1f970495e34841b1b61de34e3f24 (patch)
tree: d5d678525efd515fe796311814ff6aef91ba06b3 /engine/lib/api.php
parent: c5da5e4fe76483085d38da092f68b72151e1ddae (diff)
download: elgg-b080fd96052b1f970495e34841b1b61de34e3f24.tar.gz
elgg-b080fd96052b1f970495e34841b1b61de34e3f24.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/engine/lib/api.php b/engine/lib/api.php
index 46b3e0e40..bed7a5129 100644
--- a/engine/lib/api.php
+++ b/engine/lib/api.php
@@ -634,7 +634,7 @@ function serialise_parameters($method, $parameters) {
 				
 				break;
 			case 'string': 
-				$serialised_parameters .= ",'" .  (string)mysql_real_escape_string(trim($parameters[$key])) . "'"; 
+				$serialised_parameters .= ",'" . addcslashes(trim($parameters[$key]), "'") . "'";
 				break;
 			case 'float': 
 				$serialised_parameters .= "," . (float)trim($parameters[$key]);
author	cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>	2009-11-13 02:32:46 +0000
committer	cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>	2009-11-13 02:32:46 +0000
commit	b080fd96052b1f970495e34841b1b61de34e3f24 (patch)
tree	d5d678525efd515fe796311814ff6aef91ba06b3 /engine/lib/api.php
parent	c5da5e4fe76483085d38da092f68b72151e1ddae (diff)
download	elgg-b080fd96052b1f970495e34841b1b61de34e3f24.tar.gz elgg-b080fd96052b1f970495e34841b1b61de34e3f24.tar.bz2