[geeklog-devel] MS SQL escaping
Michael Jervis
mjervis at gmail.com
Fri Jul 4 08:34:22 EDT 2008
The right one is the one I Committed to fix issues with the installer ;-)
" does not require escaping in SQL. ' does, and is escaped as ''
Geeklog escapes " to \" then passes that in, so we need to change \"
to " in passed in SQL Strings.
On Fri, Jul 4, 2008 at 10:38, Dirk Haun <dirk at haun-online.de> wrote:
> Looking through the config class, there are 3 places where we do some
> special escaping for MS SQL.
>
> In functions set() and set_default(), we do
>
> if ($_DB_dbms == 'mssql') {
> $sql_query = str_replace("\\'", "''", $sql_query);
> $sql_query = str_replace('\\"', '"', $sql_query);
>
> whereas in function add(), we do
>
> if ($_DB_dbms == 'mssql') {
> $sql_query = str_replace("\\'", "''", $sql_query);
> $sql_query = str_replace('\\"', '""', $sql_query);
>
> So in the first case, \" is replaced with a single " while in the second
> case, it's replaced with two "".
>
> Am I missing something or is one of those wrong (and if so, which one's
> correct)?
>
> bye, Dirk
>
>
> --
> http://www.geeklog.net/
> http://geeklog.info/
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://eight.pairlist.net/mailman/listinfo/geeklog-devel
>
--
Michael Jervis
mjervis at gmail.com
504B03041400000008008F846431E3543A820800000006000000060000007765
62676F642B4F4D4ACF4F0100504B010214001400000008008F846431E3543A82
0800000006000000060000000000000000002000000000000000776562676F64
504B05060000000001000100340000002C0000000000
More information about the geeklog-devel
mailing list