[geeklog-devel] MS SQL escaping

Joe Mucchiello joe at ThrowingDice.com
Fri Jul 4 14:11:19 EDT 2008


At 08:34 AM 7/4/2008, Michael Jervis wrote:

>The right one is the one I Committed to fix issues with the installer ;-)
>
>" does not require escaping in SQL. ' does, and is escaped as ''
>
>Geeklog escapes " to \" then passes that in, so we need to change \"
>to " in passed in SQL Strings.


That's because GL uses the unrecommended addslashes to quote database
strings instead of a GL-specific function, such as DB_quoteText. If
such a function existed, the mysql.class.php version would call
mysql_real_escape_string and the mssql.class.php version would just
expand (single tick) to (two single ticks) as done in standard SQL.


----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com
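
A sketch of the per-driver quoting function suggested in the message above, as an added example that is not part of the original message or of Geeklog's code. DB_quoteText exists only as a proposal in the thread; the interface, class, helper names and sample string below are assumptions, and only the MS SQL side is shown, next to what addslashes produces for the same input.

```php
<?php
// Added illustration. DB_quoteText is only proposed in the thread; the
// per-driver class and helpers below are hypothetical names.

interface DbQuoter
{
    /** Return $value escaped for use inside a '...' string literal. */
    public function quoteText(string $value): string;
}

// MS SQL follows standard SQL: inside a string literal only ' is special,
// and it is written as ''. Backslash and " are ordinary characters.
final class MssqlQuoter implements DbQuoter
{
    public function quoteText(string $value): string
    {
        return str_replace("'", "''", $value);
    }
}

// True when every ' in the literal body is part of a '' pair, i.e. the
// body cannot end the surrounding '...' literal early (standard SQL rules).
function literalBodyIsClosed(string $body): bool
{
    return strpos(str_replace("''", '', $body), "'") === false;
}

// Decode a standard-SQL literal body back to the value the server stores.
function storedValue(string $body): string
{
    return str_replace("''", "'", $body);
}

$input = 'O\'Reilly said "hi"'; // constructed sample value

$candidates = [
    'addslashes'  => addslashes($input),
    'MssqlQuoter' => (new MssqlQuoter())->quoteText($input),
];

foreach ($candidates as $name => $body) {
    $closed = literalBodyIsClosed($body) ? 'yes' : 'no';
    $same = storedValue($body) === $input ? 'yes' : 'no';
    printf("%-12s body=%s closed=%s round-trip=%s\n", $name, $body, $closed, $same);
}
```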



