[geeklog-devel] SQL Server 2005 - MSSQL Driver
joe at ThrowingDice.com
Tue May 6 12:59:31 EDT 2008
At 07:16 PM 5/5/2008, Randy Kolenko wrote:
>the various add/remove/add/remove/remove/add/remove slashes :-)
I've railed about this a lot. In my opinion,
there should be only one call to stripslashes in
the entire code base: Inside COM_stripslashes to
handle the magic quotes nonsense. As for
addslashes it too should never be called. There
should be a DB_quote function in lib-database and
the database classes. We should do a codewide
search and replace of addslashes with DB_quote, a
function supported by the database layer. mySQL's
DB_quote would call mysql_real_quote_string.
MSSQL would double up the single quotes. Someone
would have to eyeball that search/replace but it really should be done.
At 11:41 AM 5/6/2008, Kevin J. Peno wrote:
>Also, in regard to MySQL
.I think it is
>important to move that driver to mysql improved
>(mysqli) and start slowly implementing
>mysql_real_escape_string instead of addslashes,
>that way we can all work together in creating a
>better abstraction layer, hopefully making it
>extremely easy for anyone to drop in new support for other DBs any time!
I've been on several shared hosts that don't
offer mysqli for PHP. This isn't likely to
happen. Yes, it would be nice to code with ?
parameters but that won't happen without
rewriting lots and lots of GL1. Move to GL2 if
you want a clean database abstraction.
Throwing Dice Games
More information about the geeklog-devel