- Applied a patch from Loui to fix session removal.

- Replaced all occurences of mysql_escape_string()
  with mysql_real_escape_string().

web/html/logout.php

@@ -11,9 +11,9 @@ set_lang();                 # this sets up the visitor's language
 # sending any HTML output.
 #
 if (isset($_COOKIE["AURSID"])) {
-	$q = "DELETE FROM Sessions WHERE SessionID = '";
-	$q.= mysql_escape_string($_COOKIE["AURSID"]) . "'";
 	$dbh = db_connect();
+	$q = "DELETE FROM Sessions WHERE SessionID = '";
+	$q.= mysql_real_escape_string($_COOKIE["AURSID"]) . "'";
 	db_query($q, $dbh);
 	setcookie("AURSID", "", time() - (60*60*24*30), "/");
 	setcookie("AURLANG", "", time() - (60*60*24*30), "/");