[drupal-devel] [bug] db_escape_string: use mysql_real_escape_string
Uwe Hermann
drupal-devel at drupal.org
Tue Aug 23 01:24:15 UTC 2005
Issue status update for
http://drupal.org/node/29414
Post a follow up:
http://drupal.org/project/comments/add/29414
Project: Drupal
Version: cvs
Component: database system
Category: bug reports
Priority: minor
Assigned to: Anonymous
Reported by: Thomas Ilsche
Updated by: Uwe Hermann
Status: patch (code needs review)
Attachment: http://drupal.org/files/issues/mysql_real_escape_string_0.patch (897 bytes)
Fixed typos and minor cosmetic issues in the patch. I didn't test if it
works, merely if it applies to HEAD.
Uwe Hermann
Previous comments:
------------------------------------------------------------------------
Mon, 22 Aug 2005 20:02:25 +0000 : Thomas Ilsche
Attachment: http://drupal.org/files/issues/mysql_real_escape_string.patch (814 bytes)
mysql_real_esacpe_string should be prefered over addslashes for the
reason of different character encodings.
It has been discussed before http://drupal.org/node/13180#comment-23787
the reason for rejection were version conflicts, that are not present
anymore since PHP 4.3.3 is required in HEAD /INSTALL.txt and
mysql_real_escape_string exists since 4.3.
However I have added a fallback to addslashes incase no db is
established. If that is not necesary it can be removed.
More information about the drupal-devel
mailing list