[geeklog-devel] MS SQL escaping
Joe Mucchiello
joe at ThrowingDice.com
Fri Jul 4 14:11:19 EDT 2008
At 08:34 AM 7/4/2008, Michael Jervis wrote:
>The right one is the one I committed to fix issues with the installer ;-)
>
>" does not require escaping in SQL. ' does, and is escaped as ''
>
>Geeklog escapes " to \" then passes that in, so we need to change \"
>to " in passed in SQL Strings.
That's because GL uses the unrecommended addslashes to quote database
strings instead of a GL-specific function, such as DB_quoteText. If
such a function existed, the mysql.class.php version would call
mysql_real_escape_string and the mssql.class.php version would just
expand (single tick) to (two single ticks) as done in standard SQL.
----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com
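
The per-driver quoting function suggested in the message above, as an added example (not part of the original message and not Geeklog code). The `DbQuoter` interface, the class names and the sample input are hypothetical; the MySQL class uses `mysqli::real_escape_string`, the current equivalent of `mysql_real_escape_string`, and needs a live connection, so only the MS SQL side is exercised here.

```php
<?php
// Hypothetical per-driver quoting, following the DB_quoteText idea in the
// message above. Interface and class names are assumptions.

interface DbQuoter
{
    public function quoteText(string $value): string;
}

final class MssqlQuoter implements DbQuoter
{
    // Standard SQL: inside '...' only the single quote is special, and it
    // is escaped by doubling it. Double quotes and backslashes are literal.
    public function quoteText(string $value): string
    {
        return "'" . str_replace("'", "''", $value) . "'";
    }
}

final class MysqlQuoter implements DbQuoter
{
    public function __construct(private mysqli $link) {}

    // MySQL treats backslash as an escape character, so defer to the
    // driver, which also takes the connection character set into account.
    public function quoteText(string $value): string
    {
        return "'" . $this->link->real_escape_string($value) . "'";
    }
}

// Constructed sample input containing both quote characters.
$input = 'O\'Brien said "hi"';

// addslashes() puts a backslash before ' and ". On MS SQL the backslash is
// an ordinary character, so \' does not escape the quote: the string
// literal is closed early and the remainder is parsed as SQL text.
$viaAddslashes = "'" . addslashes($input) . "'";

// The driver-specific quoter doubles the single quote and leaves " alone.
$mssql = new MssqlQuoter();
$viaQuoteText = $mssql->quoteText($input);

echo "addslashes: $viaAddslashes\n";
echo "quoteText:  $viaQuoteText\n";
```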