[drupal-devel] [bug] db_escape_string: use mysql_real_escape_string

Thomas Ilsche drupal-devel at drupal.org
Mon Aug 22 20:02:28 UTC 2005

Issue status update for 
Post a follow up: 

 Project:      Drupal
 Version:      cvs
 Component:    database system
 Category:     bug reports
 Priority:     minor
 Assigned to:  Anonymous
 Reported by:  Thomas Ilsche
 Updated by:   Thomas Ilsche
 Status:       patch (code needs review)
 Attachment:   http://drupal.org/files/issues/mysql_real_escape_string.patch (814 bytes)

mysql_real_esacpe_string should be prefered over addslashes for the
reason of different character encodings.

It has been discussed before http://drupal.org/node/13180#comment-23787
the reason for rejection were version conflicts, that are not present
anymore since PHP 4.3.3 is required in HEAD /INSTALL.txt and
mysql_real_escape_string exists since 4.3.

However I have added a fallback to addslashes incase no db is
established. If that is not necesary it can be removed.

Thomas Ilsche

More information about the drupal-devel mailing list