[drupal-devel] [bug] db_escape_string: use mysql_real_escape_string

Uwe Hermann drupal-devel at drupal.org
Tue Aug 23 01:24:15 UTC 2005

Issue status update for 
Post a follow up: 

 Project:      Drupal
 Version:      cvs
 Component:    database system
 Category:     bug reports
 Priority:     minor
 Assigned to:  Anonymous
 Reported by:  Thomas Ilsche
 Updated by:   Uwe Hermann
 Status:       patch (code needs review)
 Attachment:   http://drupal.org/files/issues/mysql_real_escape_string_0.patch (897 bytes)

Fixed typos and minor cosmetic issues in the patch. I didn't test if it
works, merely if it applies to HEAD.

Uwe Hermann

Previous comments:

Mon, 22 Aug 2005 20:02:25 +0000 : Thomas Ilsche

Attachment: http://drupal.org/files/issues/mysql_real_escape_string.patch (814 bytes)

mysql_real_esacpe_string should be prefered over addslashes for the
reason of different character encodings.

It has been discussed before http://drupal.org/node/13180#comment-23787
the reason for rejection were version conflicts, that are not present
anymore since PHP 4.3.3 is required in HEAD /INSTALL.txt and
mysql_real_escape_string exists since 4.3.

However I have added a fallback to addslashes incase no db is
established. If that is not necesary it can be removed.

More information about the drupal-devel mailing list