[geeklog-devel] Geeklog 2.0.0 RC2 Release Schedule

Dirk Haun dirk at haun-online.de
Mon Jan 21 15:13:01 EST 2013


Tom wrote:

> I see Dirk has assigned himself that patch to take a look at it. I am not a
> PostgreSQL user so if anyone else who is and has a chance to take a look at
> the bug and feedback, maybe they can offer their opinion on the matter
> (which seems to deal with handling of the single quote in SQL statements for
> those interested).

I'm not a Postgres expert (at all). Both Shintaro and myself seem to run the same version of Postgres. I can install rc1 just fine, he can't.

So to me this looks like a setup issue. Shintaro, can you send me your postgresql.conf file so that I can compare it with mine?

For now, I guess that once we've figured out what the setting is, we'll have to document that Geeklog only works with that option being set to whatever.

The proper solution then, as mentioned in the comments in the bug, would be to use two single quotes instead of backslash + quote to escape quotes for Postgres. But that would require changing all of Geeklog to call the new DB_escapeString() function. And that's not something that can be done with a simple search&replace operation, since we're using addslashes() in, erm, creative ways in some places.

Btw, the patch doesn't help us here. In fact, it's not correct, since it would replace single quotes with an HTML ' entity - in text strings that are not HTML but plain text.

bye, Dirk


-- 
http://www.themobilepresenter.com/
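
The two escaping styles discussed in the message above, as an added example that is not part of the original post and is not Geeklog or PostgreSQL code: a simplified model of how a quoted SQL string literal is scanned when backslash is an escape character and when it is not. It assumes the setting in question is PostgreSQL's standard_conforming_strings (the message does not name it); all function names and the sample text are constructed for illustration.

```python
# Simplified model of scanning a '...' SQL string literal. Not PostgreSQL code;
# the mode flag stands in for standard_conforming_strings (an assumption).

def addslashes(s):
    """Model of PHP addslashes(): backslash before ', ", backslash and NUL."""
    out = []
    for c in s:
        if c == "\0":
            out.append("\\0")
        elif c in ("'", '"', "\\"):
            out.append("\\" + c)
        else:
            out.append(c)
    return "".join(out)

def double_quotes(s):
    """SQL-standard escaping: every single quote is written twice."""
    return s.replace("'", "''")

def scan_literal(sql, standard_conforming):
    """Scan one literal starting at sql[0]; return (value, leftover_sql)."""
    if not sql.startswith("'"):
        raise ValueError("literal must start with a single quote")
    i, value = 1, []
    while i < len(sql):
        c = sql[i]
        if c == "'":
            if sql[i + 1:i + 2] == "'":      # '' is one quote in both modes
                value.append("'")
                i += 2
                continue
            return "".join(value), sql[i + 1:]  # closing quote
        if c == "\\" and not standard_conforming and i + 1 < len(sql):
            value.append(sql[i + 1])         # backslash escape (no \n, \t etc.)
            i += 2
            continue
        value.append(c)                      # backslash is ordinary data here
        i += 1
    raise ValueError("unterminated string literal")

def roundtrip(text, escape, standard_conforming):
    """Embed text in a literal using the given escaper, then scan it back."""
    return scan_literal("'" + escape(text) + "'", standard_conforming)

if __name__ == "__main__":
    for name, esc in (("addslashes", addslashes), ("doubled", double_quotes)):
        for mode in (False, True):
            print(name, "on" if mode else "off", roundtrip("O'Reilly", esc, mode))
```

A non-empty leftover means the literal ended early and the rest of the text is parsed as SQL, which is the failure mode for backslash-escaped quotes when backslash is treated as ordinary data. In this model the doubled quote reads back correctly in both modes for the sample text.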



