[geeklog-devel] MS SQL escaping

Joe Mucchiello joe at ThrowingDice.com
Fri Jul 4 14:11:19 EDT 2008


At 08:34 AM 7/4/2008, Michael Jervis wrote:
>The right one is the one I committed to fix issues with the installer ;-)
>
>" does not require escaping in SQL. ' does, and is escaped as ''
>
>Geeklog escapes " to \" then passes that in, so we need to change \"
>to " in passed-in SQL strings.

That's because GL uses the unrecommended addslashes to quote database
strings instead of a GL-specific function, such as DB_quoteText. If
such a function existed, the mysql.class.php version would call
mysql_real_escape_string and the mssql.class.php version would just
expand (single tick) to (two single ticks) as done in standard SQL.


----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com 
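
Added example (not Geeklog code and not part of this message): a sketch of the mssql side of the per-driver quoting function suggested above, next to a small reader for standard SQL string literals that shows how addslashes output is read when backslash is not an escape character. `DB_quoteText_mssql` and `readSqlLiteral` are hypothetical names, and the input string is constructed.

```php
<?php
// Added example, not Geeklog code. Function names are hypothetical.
// Standard SQL quoting: only ' is special inside a literal, and it is doubled.
function DB_quoteText_mssql(string $text): string
{
    return "'" . str_replace("'", "''", $text) . "'";
}

// Minimal reader for a standard SQL string literal. It starts at the opening ',
// treats '' as one literal quote and stops at the first lone '.
// Returns [decoded value, remainder of the statement after the literal].
function readSqlLiteral(string $sql): array
{
    if ($sql === '' || $sql[0] !== "'") {
        throw new InvalidArgumentException('literal must start with a single quote');
    }
    $value = '';
    $len = strlen($sql);
    for ($i = 1; $i < $len; $i++) {
        if ($sql[$i] !== "'") {
            $value .= $sql[$i];      // backslash is an ordinary character here
        } elseif ($i + 1 < $len && $sql[$i + 1] === "'") {
            $value .= "'";           // '' decodes to one quote
            $i++;
        } else {
            return [$value, (string) substr($sql, $i + 1)];
        }
    }
    throw new UnexpectedValueException('unterminated string literal');
}

$input   = 'Joe\'s "dice" game';               // constructed sample input
$slashed = "'" . addslashes($input) . "'";     // addslashes-style quoting
$doubled = DB_quoteText_mssql($input);         // standard SQL quoting

foreach (['addslashes' => $slashed, 'doubled' => $doubled] as $label => $literal) {
    [$value, $rest] = readSqlLiteral($literal);
    printf("%-10s %-26s value=[%s] leftover=[%s]\n", $label, $literal, $value, $rest);
}
```

With the addslashes form, the reader closes the literal at the quote after `Joe\` and the rest of the input is left over as statement text; with the doubled form, the whole input is decoded and nothing is left over.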



