From ba94571f2f87243699c3294050186e13c529fc62 Mon Sep 17 00:00:00 2001
From: Christian Schneider
Date: Wed, 30 Jan 2013 15:33:35 +0000
Subject: Get rid of explicit mysql_real_escape_string outside of it_dbi

---
 it_user.class | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'it_user.class')

diff --git a/it_user.class b/it_user.class
index 328819b..75fc52e 100644
--- a/it_user.class
+++ b/it_user.class
@@ -352,7 +352,7 @@ function create_password($length = 8, $charset = 'abcdefghjkpqrstuvwxyz23456789A
  */
 function crypt_password($password)
 {
-	$result = $this->query("SELECT PASSWORD('" . mysql_real_escape_string($password) . "')");
+	$result = $this->query("SELECT PASSWORD(" . $this->escape_string($password) . ")");
 	list($pw) = mysql_fetch_array($result);
 
 	return $pw;
-- 
cgit v1.2.3