From 1a94e75c38a62540d7360a3b638bfa41c3af9c42 Mon Sep 17 00:00:00 2001
From: Meik Sievertsen
Date: Mon, 19 Dec 2005 18:01:36 +0000
Subject: [PATCH] - fix sql escaping for non-mysql db's (we forgot this one, or removed it accidently)
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@5356 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/docs/CHANGELOG.html | 3 ++-
 phpBB/includes/functions.php | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index a5ad4e7134..bc12cce8aa 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -71,8 +71,9 @@ p,ul,td {font-size:10pt;}
  • [Fix] added session keys table to backup
  • [Fix] changes to support MySQL 5.0
  • [Fix] changes to some of the admin files to improve efficiency and remove a potential error condition when building the menu (cxib)
  • -
  • [Fix] change truncation of username length in usercp_register.php (BFUK) +
  • [Fix] change truncation of username length in usercp_register.php - BFUK
  • [Fix] incorrect path to avatars in admin_users.php (Bug #667)
  • +
  • [Fix] fixed get_userdata to support correct sql escaping (non-mysql dbs) - jarnaez
  •
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 993b194df8..8c24488981 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -158,7 +158,7 @@ function get_userdata($user, $force_str = false)
 $sql = "SELECT * FROM " . USERS_TABLE . " WHERE ";
- $sql .= ( ( is_integer($user) ) ? "user_id = $user" : "username = '" . $user . "'" ) . " AND user_id <> " . ANONYMOUS;
+ $sql .= ( ( is_integer($user) ) ? "user_id = $user" : "username = '" . str_replace("\'", "''", $user) . "'" ) . " AND user_id <> " . ANONYMOUS;
 if ( !($result = $db->sql_query($sql)) )
 {
 message_die(GENERAL_ERROR, 'Tried obtaining data for a non-existent user', '', __LINE__, __FILE__, $sql);
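Review bot: The added `str_replace("\'", "''", $user)` only re-encodes a quote that has already been backslash-escaped, so the username branch is safe only if every caller passes `$user` through addslashes() (or magic_quotes) before calling get_userdata(); a raw `'` from an unescaped caller still closes the string literal on every backend, MySQL included. That precondition is not stated anywhere in the hunk, so I would document it on the function: `// $user must already be addslashes()-escaped; \' is rewritten to the ANSI '' form so the literal is valid on non-MySQL backends too`. The replacement also leaves a backslash escaped as `\\` untouched, which a database that does not treat backslash as an escape will store literally — presumably acceptable for usernames, but worth confirming against the non-MySQL layers this commit targets. The body of get_userdata continues outside the hunk.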