[pLog-svn] r5858 - plog/branches/lifetype-1.2/class/database

Jon Daley plogworld at jon.limedaley.com
Wed Aug 22 16:33:00 EDT 2007


 	qstr() should probably call to the lower level db, and use 
mysql_escape_string or pg_escape_string, shouldn't it?  Note, there are 
character set issues with those functions, so probably 
mysql_real_escape_string is the right one to use.  (and Mark probably 
needs to be the one to check it)

On Wed, 22 Aug 2007, jondaley at devel.lifetype.net wrote:

> Author: jondaley
> Date: 2007-08-22 16:31:42 -0400 (Wed, 22 Aug 2007)
> New Revision: 5858
>
> Modified:
>   plog/branches/lifetype-1.2/class/database/db.class.php
> Log:
> working on the famous removing backslash problem. We don't need to check magic_quotes_gpc here, because any data coming in from the outside should have been grabbed using the request class, which already stripped out the slashes.
>
> Modified: plog/branches/lifetype-1.2/class/database/db.class.php
> ===================================================================
> --- plog/branches/lifetype-1.2/class/database/db.class.php	2007-08-22 20:06:44 UTC (rev 5857)
> +++ plog/branches/lifetype-1.2/class/database/db.class.php	2007-08-22 20:31:42 UTC (rev 5858)
> @@ -145,8 +145,7 @@
>
> 		/**
> 		 * Prepares a string for an SQL query by escaping apostrophe
> -		 * characters. If the PHP configuration setting 'magic_quotes_gpc'
> -		 * is set to ON, it will first strip the added slashes. Apostrophe
> +		 * characters. Apostrophe
> 		 * characters are doubled, conforming with the ANSI SQL standard.
> 		 * The SQL parser makes sure that the escape token is not entered
> 		 * in the database so there is no need to modify the data when it
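Review bot: The qstr() docblock drops the magic_quotes_gpc sentence without recording the precondition that replaces it. Per the log message, callers are now expected to pass data that the request class has already unslashed. Suggest stating that in the comment, for example "Input must not carry magic_quotes_gpc slashes; read request data through the request class." The comment also describes only apostrophe doubling, while the function body in the next hunk doubles backslashes too, which is not part of the ANSI rule the text cites and is worth documenting.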
> @@ -157,18 +156,8 @@
> 		 * @access public
> 		 */
> 		function qstr($string) {
> -
> - 			if (get_magic_quotes_gpc()) {
> -				$string = stripslashes($string);
> -				//$string = stripslashes($string);
> -		                $string = str_replace('\\\\', '\\', $string);
> -                		$string = str_replace("\\'", "'", $string);
> -         		        $string = str_replace('\\"', '"', $string);
> - 			}
> -
> 			$string = str_replace("\\", "\\\\", $string);
>  			$string = str_replace("'", "''", $string);
> -
> 			return $string;
> 		}
>     }
>
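Review bot: In qstr(), removing the get_magic_quotes_gpc() branch is only correct if every caller really goes through the request class. Any call site that passes $_GET, $_POST or $_COOKIE values directly on a server with magic_quotes_gpc on will now have the added backslashes doubled and stored in the database. Suggest auditing qstr() callers for direct superglobal use as part of this change. The two remaining str_replace() calls still escape by hand, independent of the database driver and the connection character set, so delegating to the driver's own escaping function should be tracked as a follow-up to this revision.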
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://limedaley.com/mailman/listinfo/plog-svn
>

-- 
Jon Daley
http://jon.limedaley.com/

Education is a progressive discovery of our own ignorance.
-- Will Durant

