Removed redundant mysqli_real_escape_string #290

php/api.php

@@ -54,8 +54,8 @@ if (!empty($_POST['function'])||!empty($_GET['function'])) {
 	$plugins = new Plugins($plugins, $database, $settings);
 
 	# Escape
-	foreach(array_keys($_POST) as $key)	$_POST[$key] = mysqli_real_escape_string($database, urldecode($_POST[$key]));
-	foreach(array_keys($_GET) as $key)	$_GET[$key] = mysqli_real_escape_string($database, urldecode($_GET[$key]));
+	foreach(array_keys($_POST) as $key)	$_POST[$key] = urldecode($_POST[$key]);
+	foreach(array_keys($_GET) as $key)	$_GET[$key] = urldecode($_GET[$key]);
 
 	# Validate parameters
 	if (isset($_POST['albumIDs'])&&preg_match('/^[0-9\,]{1,}$/', $_POST['albumIDs'])!==1)	exit('Error: Wrong parameter type for albumIDs!');