[geeklog-devel] SQL Server 2005 - MSSQL Driver

Joe Mucchiello joe at ThrowingDice.com
Tue May 6 12:59:31 EDT 2008

At 07:16 PM 5/5/2008, Randy Kolenko wrote:
>the various add/remove/add/remove/remove/add/remove slashes :-)

I've railed about this a lot. In my opinion, 
there should be only one call to stripslashes in 
the entire code base: Inside COM_stripslashes to 
handle the magic quotes nonsense. As for 
addslashes it too should never be called. There 
should be a DB_quote function in lib-database and 
the database classes. We should do a codewide 
search and replace of addslashes with DB_quote, a 
function supported by the database layer. mySQL's 
DB_quote would call mysql_real_quote_string. 
MSSQL would double up the single quotes. Someone 
would have to eyeball that search/replace but it really should be done.

At 11:41 AM 5/6/2008, Kevin J. Peno wrote:
>Also, in regard to MySQL
.I think it is 
>important to move that driver to mysql improved 
>(mysqli) and start slowly implementing 
>mysql_real_escape_string instead of addslashes, 
>that way we can all work together in creating a 
>better abstraction layer, hopefully making it 
>extremely easy for anyone to drop in new support for other DBs any time!

I've been on several shared hosts that don't 
offer mysqli for PHP. This isn't likely to 
happen. Yes, it would be nice to code with ? 
parameters but that won't happen without 
rewriting lots and lots of GL1. Move to GL2 if 
you want a clean database abstraction.

Joe Mucchiello
Throwing Dice Games

More information about the geeklog-devel mailing list