--- database.mysql.inc.orig 2004-11-21 10:52:44.000000000 +0100
+++ database.mysql.inc 2004-11-21 10:54:57.000000000 +0100
@@ -289,7 +289,13 @@ function db_decode_blob($data) {
 * Prepare user input for use in a database query, preventing SQL injection attacks.
 */
 function db_escape_string($text) {
- return addslashes($text);
+ global $active_db;
+ static $version;
+
+ if (!isset($version)) {
+ $version = version_compare(phpversion(),'4.3.0','>=');
+ }
+ return $version ? mysql_real_escape_string($text,$active_db) : mysql_escape_string($text);
 }
 
 /**
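Review bot: The new return line in db_escape_string() passes `$active_db` to `mysql_real_escape_string()` without checking that it holds a live link. Whether the function can be called before a connection is active is not visible from this hunk, but if it can, the call fails with a warning and returns a non-string that is interpolated into the query as an empty value instead of the caller's text. A guard on the same line keeps the old behaviour in that case: `return ($version && $active_db) ? mysql_real_escape_string($text, $active_db) : mysql_escape_string($text);`. The docblock above the function should also state that the escaped value is only safe inside a quoted string literal in the query, and that the `mysql_escape_string()` fallback does not take the connection character set into account. As a smaller style point, `$version` holds a boolean rather than a version, so a name such as `$has_real_escape` would read more clearly.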