From 419d95eb4c59060deba812a55dfbfed80e086990 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sat, 24 Jan 2026 12:50:40 +0000
Subject: [PATCH] Refine SQL connection escaping

Co-authored-by: LeOSW42 <673670+LeOSW42@users.noreply.github.com>
---
 includes/database.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/includes/database.php b/includes/database.php
index 6824bca..4d41bdf 100644
--- a/includes/database.php
+++ b/includes/database.php
@@ -4,7 +4,8 @@ namespace Kabano;
 function sql_escape_connection_value($value) {
 $value = (string)$value;
- $value = str_replace(['\\', "'"], ['\\\\', "\\'"], $value);
+ $value = str_replace("\0", '', $value);
+ $value = str_replace(['\\', "'", '"'], ['\\\\', "\\'", '\\"'], $value);
 return "'".$value."'";
 }
@@ -16,7 +17,7 @@ function sql_connect() {
 ." user=".sql_escape_connection_value($config['SQL_user'])
 ." password=".sql_escape_connection_value($config['SQL_pass']);
- $con = @pg_connect($connection);
+ $con = pg_connect($connection);
 if (!$con) {
 $error = error_get_last();
 $message = $error && isset($error['message']) ? $error['message'] : "unknown error";
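Review bot: The added `str_replace("\0", '', $value)` silently alters a configured value instead of rejecting it, so a host, user or password containing a NUL byte would be sent to the server as a different string with no sign of the mismatch. Failing loudly is safer, e.g. `if (strpos($value, "\0") !== false) { throw new \InvalidArgumentException('NUL byte in connection value'); }`. The new `'"'` to `'\\"'` pair looks redundant: inside a single-quoted libpq keyword value only `\` and `'` need a backslash, so it could be dropped. A short docblock stating that this helper quotes libpq connection-string values only, and is not for values placed in SQL statements (use `pg_query_params()` there), would keep the `sql_escape_` name from being misread.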
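Review bot: Dropping `@` means a failed `pg_connect($connection)` now emits an ordinary PHP warning, and libpq failure text commonly names the server host and database user, so it can reach the response wherever `display_errors` is enabled. Separately, `error_get_last()` returns the most recent error of any origin, so `$message` may describe an earlier, unrelated warning; calling `error_clear_last();` on the line before `pg_connect($connection);` ties it to this call. How `$message` is used is outside the hunk (the `if (!$con)` block continues past it); it should go to the server log rather than into page output.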