Add deprecation notice to escapeString

eventum · Nov 9, 2021 · 835f928 · 835f928
1 parent 3bf0e1b
commit 835f928
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/lib/eventum/class.db_helper.php b/lib/eventum/class.db_helper.php
@@ -92,6 +92,7 @@ public static function get_last_insert_id(): int
      * @param   string $str The string that needs to be escaped
      * @param   bool $add_quotes Whether to add quotes around result as well
      * @return  string The escaped string
+     * @deprecated Using this is bad design, must use placeholders in query
      */
     public static function escapeString($str, $add_quotes = false): string
     {

diff --git a/lib/eventum/class.misc.php b/lib/eventum/class.misc.php
@@ -289,7 +289,7 @@ public static function stripInput(&$value): void
      *
      * @param   string|array $input The original string
      * @return  string|array The escaped (or not) string
-     * @deprecated Using this is bad design, must use placeholders in query
+     * @deprecated Using this is bad design, must use placeholders in query. and $add_quote=false is unsafe if used improperly
      */
     public static function escapeString($input, $add_quotes = false)
     {