stripslashes() with address book

martin martin at bugs.unl.edu.ar
Wed Jan 4 21:35:45 CET 2006


On Wed, 04 Jan 2006 12:21:28 +0100, Thomas Bruederli <roundcube at gmail.com> wrote:
> Lic. Martin Marques wrote:
>>
>> As RC uses PEAR::DB all that has to be done is:
>>
>> $query = $db->escapeSimple($query);
>>
>> and PEAR::DB will use the database especific function depending on which
>> DB server you are using. Very nice. :-)
> 
> The latest CVS version of RoundCube uses the PEAR::DB quote() method to
> escape the insert values according to the DB engine. magic_quotes should
> be disabled in the php.ini because adding stripslashes() to all incoming
> values is not a good solution and it strips (wanted) slashes on all
> machines that have disabled magic_quotes.

PEAR::DB quote is depricated. RC should use escapeSimple() or quoteSmart() methods.

-- 
---------------------------------------------------------
Lic. Martín Marqués         |   SELECT 'mmarques' || 
Centro de Telemática        |       '@' || 'unl.edu.ar';
Universidad Nacional        |   DBA, Programador, 
    del Litoral             |   Administrador
---------------------------------------------------------






More information about the Dev mailing list