On Mon, 5 May 2008, Reto Hugi wrote: > I guess we have DB::qstr for that case. Which that is another issue - we shouldn't be using Db:qstr, but $db->qstr(). I am not sure why we stopped using that, but Db:qstr is broken, since it only calls add_slashes() or something, rather than mysql_escape()