diff --git a/admin/index.php b/admin/index.php
index 0556a54..ad3bd3b 100644
--- a/admin/index.php
+++ b/admin/index.php
@@ -8,7 +8,8 @@ $allok = 2;
$txt=$_POST["txt"];
$tim=$_POST["tim"];
-$txt = preg_replace("#((http|https|ftp)://(\S*?\.\S*?))(\s|\;|\)|\]|\[|\{|\}|,|\"|'|:|\<|$|\.\s)#ie", "'http://$3$4'", $txt);
+// Broken for some reason.
+//$txt = preg_replace("#((http|https|ftp)://(\S*?\.\S*?))(\s|\;|\)|\]|\[|\{|\}|,|\"|'|:|\<|$|\.\s)#ie", "'http://$3$4'", $txt);
$txt = Parsedown::instance()->parse($txt);
@@ -34,12 +35,12 @@ die("File upload error");
}
-if (isset($_POST["txt"]) && isset($_POST["tim"])) {
+if (isset($txt) && isset($tim)) {
include "../connect.php";
$mysql_table = MYSQL_TABLE;
-$qry = "INSERT INTO `$mysql_table` (`id`, `txt`, `tim`) VALUES (NULL, '".mysqli_real_escape_string(nl2br($txt.$extrl))."', '".mysqli_real_escape_string($tim)."')";
+$qry = "INSERT INTO `$mysql_table` (`id`, `txt`, `tim`) VALUES (NULL, '".mysqli_real_escape_string($db, nl2br($txt.$extrl))."', '".mysqli_real_escape_string($db, $tim)."')";
$result = mysqli_query($db, $qry);
if (!$result) {
diff --git a/detail.php b/detail.php
index cefd53d..97ab19c 100644
--- a/detail.php
+++ b/detail.php
@@ -5,7 +5,7 @@ include 'checklogin.php';
include "connect.php";
$mysql_table = MYSQL_TABLE;
-$qry="SELECT * FROM `$mysql_table` WHERE `id`='".mysqli_real_escape_string($_GET["id"])."'";
+$qry="SELECT * FROM `$mysql_table` WHERE `id`='".mysqli_real_escape_string($db, $_GET["id"])."'";
$result=mysqli_query($db, $qry);
if($result) {
if(mysqli_num_rows($result) == 1) {
diff --git a/get.php b/get.php
index 0486056..af7bf49 100644
--- a/get.php
+++ b/get.php
@@ -5,7 +5,7 @@ include 'checklogin.php';
include "connect.php";
$mysql_table = MYSQL_TABLE;
-$qry="SELECT * FROM `$mysql_table` ORDER BY `$mysql_table`.`id` ASC LIMIT ".mysqli_real_escape_string($_GET["lastid"])." , 1000";
+$qry="SELECT * FROM `$mysql_table` ORDER BY `$mysql_table`.`id` ASC LIMIT ".mysqli_real_escape_string($db, $_GET["lastid"])." , 1000";
$result=mysqli_query($db, $qry);
$newlastid=$_GET["lastid"];
$jspo=array();
diff --git a/like.php b/like.php
index 231a466..54cc398 100644
--- a/like.php
+++ b/like.php
@@ -8,7 +8,7 @@ $stars=0;
$starred="";
$mysql_table = MYSQL_TABLE;
-$qrya="SELECT * FROM `$mysql_table` WHERE `id`='".mysqli_real_escape_string($_GET["id"])."'";
+$qrya="SELECT * FROM `$mysql_table` WHERE `id`='".mysqli_real_escape_string($db, $_GET["id"])."'";
$resulta=mysqli_query($db, $qrya);
if($resulta) {
if(mysqli_num_rows($resulta) == 1) {
@@ -20,7 +20,7 @@ if($resulta) {
$stars=$stars+1;
if (isset($_GET["plusone"])) {
- $qryb="UPDATE `$mysql_table` SET `pluses`='".($stars)."' WHERE `id`='".mysqli_real_escape_string($_GET["id"])."'";
+ $qryb="UPDATE `$mysql_table` SET `pluses`='".($stars)."' WHERE `id`='".mysqli_real_escape_string($db, $_GET["id"])."'";
$resultb=mysqli_query($db, $qryb);
if($resultb) {
$starred="Thanks for a ★! ";