[drupal-devel] [bug] db_escape_string: use mysql_real_escape_string
drupal-devel at drupal.org
Mon Aug 22 20:02:28 UTC 2005
Issue status update for
Post a follow up:
Component: database system
Category: bug reports
Assigned to: Anonymous
Reported by: Thomas Ilsche
Updated by: Thomas Ilsche
Status: patch (code needs review)
Attachment: http://drupal.org/files/issues/mysql_real_escape_string.patch (814 bytes)
mysql_real_esacpe_string should be prefered over addslashes for the
reason of different character encodings.
It has been discussed before http://drupal.org/node/13180#comment-23787
the reason for rejection were version conflicts, that are not present
anymore since PHP 4.3.3 is required in HEAD /INSTALL.txt and
mysql_real_escape_string exists since 4.3.
However I have added a fallback to addslashes incase no db is
established. If that is not necesary it can be removed.
More information about the drupal-devel