Removed redundant mysqli_real_escape_string #290

2015-01-23 22:02:22 +01:00 · 2015-01-23 22:02:22 +01:00 · 5d5f86307e
commit 5d5f86307e
parent 2024ccaf39
1 changed files with 2 additions and 2 deletions
--- a/php/api.php
+++ b/php/api.php
@ -54,8 +54,8 @@ if (!empty($_POST['function'])||!empty($_GET['function'])) {
 	$plugins = new Plugins($plugins, $database, $settings);

 	# Escape
-	foreach(array_keys($_POST) as $key)	$_POST[$key] = mysqli_real_escape_string($database, urldecode($_POST[$key]));
-	foreach(array_keys($_GET) as $key)	$_GET[$key] = mysqli_real_escape_string($database, urldecode($_GET[$key]));
+	foreach(array_keys($_POST) as $key)	$_POST[$key] = urldecode($_POST[$key]);
+	foreach(array_keys($_GET) as $key)	$_GET[$key] = urldecode($_GET[$key]);

 	# Validate parameters
 	if (isset($_POST['albumIDs'])&&preg_match('/^[0-9\,]{1,}$/', $_POST['albumIDs'])!==1)	exit('Error: Wrong parameter type for albumIDs!');