I don’t refer to the PHP manual very much for commonly used functions, so I almost missed this one. The ‘mysql_escape_string’ function that’s used in subs.php to prepare data for insertion into the database is deprecated as of PHP 5.3 and should be replaced with ‘mysql_real_escape_string’.
From the PHP manual:
This function [mysql_escape_string()] is identical to mysql_real_escape_string() except that mysql_real_escape_string() takes a connection handler and escapes the string according to the current character set. mysql_escape_string() does not take a connection argument and does not respect the current charset setting.
The new function – mysql_real_escape_string – has been available since PHP 4.3 and, quite frankly, you really shouldn’t be running on anything older than that! So, at the next release of the RTE, I’ll be changing the database functions in subs.php to reflect this change.
On a final note, it’s still my intention to convert the code to run on a database abstraction layer, but I just haven’t had the time to do that yet!