stripslashes() with address book

martin martin at
Wed Jan 4 21:35:45 CET 2006

On Wed, 04 Jan 2006 12:21:28 +0100, Thomas Bruederli <roundcube at> wrote:
> Lic. Martin Marques wrote:
>> As RC uses PEAR::DB all that has to be done is:
>> $query = $db->escapeSimple($query);
>> and PEAR::DB will use the database especific function depending on which
>> DB server you are using. Very nice. :-)
> The latest CVS version of RoundCube uses the PEAR::DB quote() method to
> escape the insert values according to the DB engine. magic_quotes should
> be disabled in the php.ini because adding stripslashes() to all incoming
> values is not a good solution and it strips (wanted) slashes on all
> machines that have disabled magic_quotes.

PEAR::DB quote is depricated. RC should use escapeSimple() or quoteSmart() methods.

Lic. Martín Marqués         |   SELECT 'mmarques' || 
Centro de Telemática        |       '@' || '';
Universidad Nacional        |   DBA, Programador, 
    del Litoral             |   Administrador

More information about the Dev mailing list