diff -ruN picora/classes/PicoraActiveRecord.php picora-fixed/classes/PicoraActiveRecord.php
--- picora/classes/PicoraActiveRecord.php	2007-10-03 10:06:28.000000000 +0200
+++ picora-fixed/classes/PicoraActiveRecord.php	2007-09-24 21:52:24.000000000 +0200
@@ -173,7 +173,7 @@
 	 */
 	final static public function escape($value){
 		switch(self::$__connection_type__){
-			case 'mysql': return mysql_real_escape_string($value,self::$__connection__);
+			case 'mysql': return addslashes($value);
 			case 'sqlite': return sqlite_escape_string($value);
 			case 'pdo': return self::$__connection__->quote($value);
 		}
diff -ruN picora/classes/PicoraDispatcher.php picora-fixed/classes/PicoraDispatcher.php
--- picora/classes/PicoraDispatcher.php	2007-10-03 10:06:28.000000000 +0200
+++ picora-fixed/classes/PicoraDispatcher.php	2007-09-04 00:49:22.000000000 +0200
@@ -62,7 +62,7 @@
 		
 	//used internally by Dispatcher to create a new PicoraController instance and call the requested method
 	static public function call($class_and_method,$parameters,$arguments = false){
-		$arguments = ($arguments) ? $arguments : array();
+		$arguments = ($arguments) ? $arguments : array();		
 		if(!class_exists($class_and_method[0]))
 			throw new Exception($class_and_method[0].' class was not found.');
 		$instance = new $class_and_method[0];
@@ -76,7 +76,7 @@
 		$callback = array($instance,$class_and_method[1]);
 		if(!is_callable($callback))
 			throw new Exception(get_class($callback[0]).'->'.$callback[1].'() is not callable.');
-		$response = call_user_func($callback);
+		$response = call_user_func($callback, $instance->params);
 		if($response !== false){
 			foreach(PicoraEvent::getObserverList($class_and_method[0].'.afterCall') as $callback){
 				$callback_response = call_user_func($callback,$instance,$response,$class_and_method[1]);
@@ -195,8 +195,17 @@
 		if(substr($class_and_method[0],-10) != 'Controller')
 			$class_and_method[0] .= 'Controller';		
 		$route_string = PicoraSupport::formatPropertyString(self::getRouteByClassAndMethod($class_and_method[0],$class_and_method[1]),$arguments);
+				
 		if($route_string && !preg_match('/\:[^\/]/',$route_string))
-			return ($include_base_url ? substr(self::$status['base_url'],0,-1) : '').$route_string.(is_string($include_base_url) || is_array($include_base_url) ? (is_string($include_base_url) ? $include_base_url : http_build_query($include_base_url,null,'&')) : '');
+			return ($include_base_url
+				? (substr(self::$status['base_url'], -1) == '/'
+					? substr(self::$status['base_url'],0,-1)
+					: self::$status['base_url'])
+				: '').$route_string.(is_string($include_base_url) || is_array($include_base_url)
+					? (is_string($include_base_url)
+						? $include_base_url
+						: http_build_query($include_base_url,null,'&'))
+					: '');
 		throw new Exception('Could not resolve URL');
 	}