[geeklog-devel] MS SQL escaping
Dirk Haun
dirk at haun-online.de
Fri Jul 4 05:38:52 EDT 2008

Looking through the config class, there are 3 places where we do some
special escaping for MS SQL.

In functions set() and set_default(), we do

    if ($_DB_dbms == 'mssql') {
        $sql_query = str_replace("\\'", "''", $sql_query);
        $sql_query = str_replace('\\"', '"', $sql_query);
    }

whereas in function add(), we do

    if ($_DB_dbms == 'mssql') {
        $sql_query = str_replace("\\'", "''", $sql_query);
        $sql_query = str_replace('\\"', '""', $sql_query);
    }

So in the first case, \" is replaced with a single " while in the second
case, it's replaced with two "".

Am I missing something or is one of those wrong (and if so, which one's
correct)?

bye, Dirk
--
http://www.geeklog.net/
http://geeklog.info/
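
The two replacements quoted in the message above can be compared on a sample query. The following is an added example, not part of the original post and not Geeklog code. It assumes the value was escaped addslashes()-style and sits inside a single-quoted T-SQL literal; the table name, sample value and function names are constructed for illustration.

```php
<?php
// Added illustration, not Geeklog code. Assumes the value was escaped with
// addslashes() and is embedded in a single-quoted T-SQL string literal.

// Replacement pair quoted from set() / set_default() in the post.
function mssql_fix_set(string $sql): string
{
    $sql = str_replace("\\'", "''", $sql);
    return str_replace('\\"', '"', $sql);
}

// Replacement pair quoted from add() in the post.
function mssql_fix_add(string $sql): string
{
    $sql = str_replace("\\'", "''", $sql);
    return str_replace('\\"', '""', $sql);
}

// Hypothetical helper: decode the first single-quoted literal the way T-SQL
// reads it ('' is one quote; " has no special meaning inside the literal).
function tsql_first_literal(string $sql): ?string
{
    $start = strpos($sql, "'");
    if ($start === false) {
        return null;
    }
    $out = '';
    for ($i = $start + 1, $n = strlen($sql); $i < $n; $i++) {
        if ($sql[$i] === "'") {
            if ($i + 1 < $n && $sql[$i + 1] === "'") {
                $out .= "'";   // doubled quote decodes to one quote
                $i++;
                continue;
            }
            return $out;       // closing quote of the literal
        }
        $out .= $sql[$i];
    }
    return null;               // unterminated literal
}

$value = 'He said "hi", it\'s fine';   // constructed sample value
$query = "UPDATE example_table SET value = '" . addslashes($value) . "'"; // constructed

foreach (['set' => 'mssql_fix_set', 'add' => 'mssql_fix_add'] as $name => $fn) {
    $stored = tsql_first_literal($fn($query));
    printf("%-3s stored=%s round-trip=%s\n", $name, $stored, $stored === $value ? 'yes' : 'no');
}
```

Under these assumptions the set() pair returns the original value, while the add() pair leaves each double quote doubled in the stored string. addslashes() also escapes backslashes and NUL bytes, which neither replacement pair converts.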