User's group created with empty values (mysql escaping problem)
Hi! In recent SVN version, when I create a user, the group for that created with empty fields. I narrowed the problem down to client_edit.php line 139: $groupid = $app->db->datalogInsert('sys_group', "(name,description,client_id) VALUES ('".mysql_real_escape_string($this->dataRecord["username"])."','',".$this->id.")",'',".$this->id.")", 'groupid');
This query runs on mysql, but with empty parameters. Its a bit strange for me that mysql_real_escape_string is being used there(and many more places, as I found it later), because there is an $app->db->escape_string equivalent, which is using the correct mysqli_real_escape_string.
In my setup, the mysql_real_escape_string tries to call the mysql_connet, as there were no such call before, and couldn't find a proper mysql link. By default, it's called with empty parameters, so tries to connect to the mysql server with a default user, without password, which is not allowed in my setup.
I think either mysqli_real_escape_string or $app->db->escape_string should be used everywhere, if mysqli used instead of mysql class.
Sorry for bother you if I'm mistaken:)