remove addslashes usage in path building

htdocs/index.php

@@ -111,11 +111,14 @@ while (end($pathlist) === "") array_pop($pathlist);
 $smarty->assign_by_ref("pathlist", $pathlist);
 $path = '';
 $query = "select * from pagemap where path='/' ";
+$params = array();
 foreach($pathlist as $item) {
 	if ($item && $item != '/') {
-	$query .= "or path = '".addslashes($path)."/*' ";
-	$path .= "/$item";
-	$query .= "or path = '".addslashes($path)."' ";
+		$query .= "or path=? ";
+		$params[] = $path."/*";
+		$path .= "/$item";
+		$query .= "or path=? ";
+		$params[] = $path;
 	}
 }
 
@@ -123,7 +126,7 @@ foreach($pathlist as $item) {
 $smarty->assign_by_ref("path", $path);
 
 $query .= "order by depth desc";
-$pagemap = $DB->GetAll($query);
+$pagemap = $DB->GetAll($query, $params);
 //echo $query;
 if (!$pagemap) $smarty->assign("error", $DB->ErrorMsg());
 if (!$pagemap || count($pagemap)<1) {