From b2c5bd85a31056e5676905a852bef1ac44260884 Mon Sep 17 00:00:00 2001
From: Alexey Melnichuk <mimir@newmail.ru>
Date: Tue, 29 Mar 2016 16:34:36 +0300
Subject: [PATCH] Fix. use `mysqli_real_escape_string` instead or deprecated
 `mysql_real_escape_string`

From PHP.net
```
Warning
This extension was deprecated in PHP 5.5.0, and it was removed in PHP 7.0.0.
Instead, the MySQLi or PDO_MySQL extension should be used.
...
Alternatives to this function include:
 * mysqli_real_escape_string()
 * PDO::quote()
```
---
 resources/functions.php | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/resources/functions.php b/resources/functions.php
index 95154a55bb..1dbc6c76ae 100644
--- a/resources/functions.php
+++ b/resources/functions.php
@@ -54,7 +54,7 @@
 
 	if (!function_exists('check_str')) {
 		function check_str($string) {
-			global $db_type;
+			global $db_type, $db;
 			//when code in db is urlencoded the ' does not need to be modified
 			if ($db_type == "sqlite") {
 				if (function_exists('sqlite_escape_string')) {
@@ -68,7 +68,12 @@
 				$string = pg_escape_string($string);
 			}
 			if ($db_type == "mysql") {
-				$tmp_str = mysql_real_escape_string($string);
+				if(function_exists('mysql_real_escape_string')){
+					$tmp_str = mysql_real_escape_string($string);
+				}
+				else{
+					$tmp_str = mysqli_real_escape_string($db, $string);
+				}
 				if (strlen($tmp_str)) {
 					$string = $tmp_str;
 				}