[pLog-svn] r5858 - plog/branches/lifetype-1.2/class/database
Jon Daley
plogworld at jon.limedaley.com
Wed Aug 22 16:33:00 EDT 2007
qstr() should probably call to the lower level db, and use
mysql_escape_string or pg_escape_string, shouldn't it? Note, there are
character set issues with those functions, so probably
mysql_real_escape_string is the right one to use. (and Mark probably
needs to be the one to check it)
On Wed, 22 Aug 2007, jondaley at devel.lifetype.net wrote:
> Author: jondaley
> Date: 2007-08-22 16:31:42 -0400 (Wed, 22 Aug 2007)
> New Revision: 5858
>
> Modified:
> plog/branches/lifetype-1.2/class/database/db.class.php
> Log:
> working on the famous removing backslash problem. We don't need to check magic_quotes_gpc here, because any data coming in from the outside should have been grabbed using the request class, which already stripped out the slashes.
>
> Modified: plog/branches/lifetype-1.2/class/database/db.class.php
> ===================================================================
> --- plog/branches/lifetype-1.2/class/database/db.class.php 2007-08-22 20:06:44 UTC (rev 5857)
> +++ plog/branches/lifetype-1.2/class/database/db.class.php 2007-08-22 20:31:42 UTC (rev 5858)
> @@ -145,8 +145,7 @@
>
> /**
> * Prepares a string for an SQL query by escaping apostrophe
> - * characters. If the PHP configuration setting 'magic_quotes_gpc'
> - * is set to ON, it will first strip the added slashes. Apostrophe
> + * characters. Apostrophe
> * characters are doubled, conforming with the ANSI SQL standard.
> * The SQL parser makes sure that the escape token is not entered
> * in the database so there is no need to modify the data when it
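Review bot: the reworded docblock drops the magic_quotes_gpc sentence without stating the precondition that replaces it, namely that $string must already be free of magic-quote slashes (the log message says the request class strips them). A sentence saying so belongs here, so that a caller passing a raw request value knows qstr() no longer compensates. The comment also still describes only apostrophe doubling "conforming with the ANSI SQL standard", and the short line "characters. Apostrophe" could be rewrapped with the following one.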
> @@ -157,18 +156,8 @@
> * @access public
> */
> function qstr($string) {
> -
> - if (get_magic_quotes_gpc()) {
> - $string = stripslashes($string);
> - //$string = stripslashes($string);
> - $string = str_replace('\\\\', '\\', $string);
> - $string = str_replace("\\'", "'", $string);
> - $string = str_replace('\\"', '"', $string);
> - }
> -
> $string = str_replace("\\", "\\\\", $string);
> $string = str_replace("'", "''", $string);
> -
> return $string;
> }
> }
>
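Review bot: with the get_magic_quotes_gpc() branch removed, qstr() relies entirely on every caller having obtained its data through the request class, and nothing in this function checks that. Any path that passes a raw request value while magic_quotes_gpc is on will now have its added slashes doubled by the remaining str_replace("\\", "\\\\", $string) and stored, so callers should be audited before this is merged to the branch. That remaining backslash doubling is also not part of the ANSI apostrophe rule the docblock cites; it is only correct on a backend that treats backslash as an escape character, which supports moving the escaping into the database driver layer.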
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.lifetype.net
> http://limedaley.com/mailman/listinfo/plog-svn
>
--
Jon Daley
http://jon.limedaley.com/
Education is a progressive discovery of our own ignorance.
-- Will Durant
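The following is an added example, not part of the original message and not LifeType code. It copies the post-patch qstr() body into a free function and compares it with driver-level quoting on a round trip through the database. Assumptions: an in-memory SQLite database via PDO stands in for a backend that does not treat backslash as an escape character, PDO::quote() is used as the driver-level call instead of mysql_real_escape_string, and qstr_driver(), round_trip() and the sample strings are constructed for illustration.

```php
<?php
// Added example. SQLite (in-memory) stands in for a backend that follows
// ANSI quoting and does not treat backslash as an escape character.

// Hand-rolled escaping as it stands after r5858, copied as a free function.
function qstr($string) {
    $string = str_replace("\\", "\\\\", $string);
    $string = str_replace("'", "''", $string);
    return $string;
}

// Hypothetical replacement: let the driver escape for its own dialect.
function qstr_driver(PDO $db, $string) {
    // PDO::quote() returns the value wrapped in quotes; strip them so the
    // result fits the same '...' query templates that qstr() is used with.
    return substr($db->quote($string), 1, -1);
}

// Store an already-escaped value inside a quoted literal and read it back.
function round_trip(PDO $db, $escaped) {
    $db->exec("DELETE FROM t");
    $db->exec("INSERT INTO t (v) VALUES ('" . $escaped . "')");
    return $db->query("SELECT v FROM t")->fetchColumn();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE t (v TEXT)");

// Constructed sample inputs: an apostrophe, backslashes, and both together.
$samples = array("O'Reilly", 'C:\\temp\\new', "it's a \\ test");

foreach ($samples as $in) {
    $hand = round_trip($db, qstr($in));
    $drv  = round_trip($db, qstr_driver($db, $in));
    printf(
        "input: %-16s hand-rolled stored: %-20s [%s]  driver: [%s]\n",
        $in,
        $hand,
        $hand === $in ? 'unchanged' : 'ALTERED',
        $drv === $in ? 'unchanged' : 'ALTERED'
    );
}
```

On this backend the apostrophe-only input survives both paths, while inputs containing a backslash come back with the backslash doubled from the hand-rolled path only.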