From 406e0df30aa13584b6b235e26bcc1a9d172bc7d2 Mon Sep 17 00:00:00 2001
From: Eric Marguin
Date: Fri, 30 Mar 2007 11:28:30 +0200
Subject: [PATCH] [svn r11798] use Database :: escape_string more than addslashes
---
 main/inc/lib/add_course.lib.inc.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/main/inc/lib/add_course.lib.inc.php b/main/inc/lib/add_course.lib.inc.php
index 7b70c013c9..8e36c8b8fa 100644
--- a/main/inc/lib/add_course.lib.inc.php
+++ b/main/inc/lib/add_course.lib.inc.php
@@ -1912,11 +1912,11 @@ function register_course($courseSysCode, $courseScreenCode, $courseRepository, $
 $titular=addslashes($titular);
 // here we must add 2 fields
 $sql = "INSERT INTO ".$TABLECOURSE . " SET
- code = '".addslashes($courseSysCode) . "',
- db_name = '".addslashes($courseDbName) . "',
- directory = '".addslashes($courseRepository) . "',
+ code = '".Database :: escape_string($courseSysCode) . "',
+ db_name = '".Database :: escape_string($courseDbName) . "',
+ directory = '".Database :: escape_string($courseRepository) . "',
 course_language = '".$course_language . "',
- title = '".addslashes($title) . "',
+ title = '".Database :: escape_string($title) . "',
 description = '".lang2db($langCourseDescription) . "',
 category_code = '".$category . "',
 visibility = '".$defaultVisibilityForANewCourse . "',
@@ -1926,8 +1926,8 @@ function register_course($courseSysCode, $courseScreenCode, $courseRepository, $
 expiration_date = ".$expiration_date . ",
 last_edit = now(),
 last_visit = NULL,
- tutor_name = '".addslashes($titular) . "',
- visual_code = '".addslashes($courseScreenCode) . "'";
+ tutor_name = '".Database :: escape_string($titular) . "',
+ visual_code = '".Database :: escape_string($courseScreenCode) . "'";
 api_sql_query($sql, __FILE__, __LINE__);
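Review bot: `$titular` is still escaped twice on the new side, because the context line `$titular=addslashes($titular);` at the top of the first hunk runs before `Database :: escape_string($titular)` in the second hunk; a tutor name containing a quote or backslash would presumably be stored with literal backslashes, so the `addslashes` line should be dropped now that the query escapes the value itself. In the same INSERT, `$course_language`, `$category` and `$defaultVisibilityForANewCourse` are still concatenated without escaping, and `$expiration_date` is concatenated unquoted, where escaping alone would not contain it. `register_course` starts outside the hunk, so whether these values are validated earlier cannot be confirmed here; if they are not, wrap the string fields in `Database :: escape_string(...)` and cast or strictly validate the date value before building the SQL.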