Diffstat (limited to 'lib/sql.php')
-rw-r--r-- | lib/sql.php | 35 |
1 files changed, 22 insertions, 13 deletions
diff --git a/lib/sql.php b/lib/sql.php
index 9f65568..839d469 100644
--- a/lib/sql.php
+++ b/lib/sql.php
@@ -4,30 +4,40 @@ require("conf/sql.php");
 $sql_queries = 0;
 $sql_connected = false;
+$sql_conn = null;
 function sql_connect() {
- global $sql_server, $sql_user, $sql_password, $sql_database, $sql_connected;
+ global $sql_server, $sql_user, $sql_password, $sql_database, $sql_connected, $sql_conn;
 if ($sql_connected == true) return;
- if (!@mysql_connect($sql_server, $sql_user, $sql_password)) {
+
+ try {
+ $sql_conn = new PDO("mysql:host=$sql_server;dbname=$sql_database;charset=utf8",
+ $sql_user, $sql_password, [
+ PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
+ PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
+ PDO::ATTR_EMULATE_PREPARES => false,
+ ]);
+ } catch(PDOException $e) {
 $title = "Cannot connect to SQL server";
- $error = "An error has occurred with the SQL server !";
+ $error = "An error has occurred with the SQL server ! " . $e->getMessage();
 require("tpl/general/empty.php");
 }
- mysql_select_db($sql_database);
- mysql_query("SET NAMES 'utf8'");
 $sql_connected = true;
 }
-function sql($r) {
- global $sql_queries, $sql_connected;
+function sql($r, ...$args) {
+ global $sql_queries, $sql_connected, $sql_conn;
 if ($sql_connected != true) sql_connect();
 $sql_queries++;
- if ($a = mysql_query($r)) {
- return $a;
- } else {
+
+ $stmt = $sql_conn->prepare($r);
+ try {
+ $stmt->execute($args);
+ return $stmt;
+ } catch(PDOException $e) {
 $title = "SQL error.";
 $request = $r;
- $sql_error = mysql_error();
+ $sql_error = $e->getMessage();
 require("tpl/general/sqlerror.php");
 }
 }
@@ -40,8 +50,7 @@ function esca($v) {
 }
 }
 function escs($v) {
- sql_connect();
- return mysql_escape_string($v);
+ return $v;
 }
 function esc($v) {
 return escs(esca($v)); |
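Review bot: In sql(), `$stmt = $sql_conn->prepare($r);` sits outside the `try`, and with `PDO::ATTR_EMULATE_PREPARES => false` plus `PDO::ERRMODE_EXCEPTION` a malformed query throws from prepare() itself, so it bypasses the sqlerror template and surfaces as an uncaught exception; the prepare call should move inside the `try`. In sql_connect(), appending `$e->getMessage()` to `$error` puts the driver's connection error, which can name the database host and account, on the rendered page; I would keep the generic text for the user and record the detail server-side, e.g. `error_log($e->getMessage());`. Unless tpl/general/empty.php ends the request (not visible here), `$sql_connected = true;` still runs after a failed connect and the next sql() call dereferences a null `$sql_conn`.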
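Review bot: escs() now returns its argument unchanged, so any caller that still interpolates `esc(...)` or `escs(...)` output into a query string hands unescaped input to `prepare()` and is open to SQL injection; the prepared statement only protects values passed through the new `...$args`. The diffstat is limited to lib/sql.php, so it is not visible whether every call site was converted to `?` placeholders in this commit. If any remain, I would make the helper fail loudly instead of silently doing nothing, e.g. `trigger_error('escs() no longer escapes; pass values as sql() arguments', E_USER_DEPRECATED);` at the top of escs(), and delete esc()/escs() once callers are migrated. The body of esc() continues past the end of the hunk.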