martin wrote:
On Wed, 04 Jan 2006 12:21:28 +0100, Thomas Bruederli roundcube@gmail.com wrote:
Lic. Martin Marques wrote:
As RC uses PEAR::DB all that has to be done is:
$query = $db->escapeSimple($query);
and PEAR::DB will use the database-specific function depending on which DB server you are using. Very nice. :-)
The latest CVS version of RoundCube uses the PEAR::DB quote() method to escape the insert values according to the DB engine. magic_quotes should be disabled in the php.ini because adding stripslashes() to all incoming values is not a good solution and it strips (wanted) slashes on all machines that have disabled magic_quotes.
PEAR::DB quote is deprecated. RC should use escapeSimple() or quoteSmart() methods.
I recognized that a few days ago; the development version uses quoteSmart() now.
Thanks, Thomas
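
An added example, not part of the original messages and not RoundCube or PEAR::DB code: it shows why a blanket stripslashes() damages input when magic_quotes is off, and what escaping by type at the query boundary looks like. The two functions are hypothetical stand-ins for escapeSimple() and quoteSmart(), and the table, columns and input value are constructed.

```php
<?php
// Hypothetical stand-in for a driver's escapeSimple(): doubles single
// quotes, the SQL-standard escape. A real driver calls its own engine's
// routine; MySQL, for example, must also escape the backslash, which is
// why the escaping is left to the DB layer.
function escape_simple_standin(string $s): string
{
    return str_replace("'", "''", $s);
}

// Hypothetical stand-in for quoteSmart(): formats a value by its PHP type
// so numbers stay bare and only strings are escaped and quoted.
function quote_smart_standin($v): string
{
    if ($v === null) {
        return 'NULL';
    }
    if (is_bool($v)) {
        return $v ? '1' : '0';
    }
    if (is_int($v) || is_float($v)) {
        return (string) $v;
    }
    return "'" . escape_simple_standin((string) $v) . "'";
}

// Constructed input: a folder name holding a backslash and a single quote.
$raw = "Archive\\O'Brien";          // the 15 characters Archive\O'Brien

// magic_quotes on: PHP already added slashes, so stripslashes() undoes it.
$fromMagicQuotes = addslashes($raw);
var_dump(stripslashes($fromMagicQuotes) === $raw);

// magic_quotes off: the same blanket stripslashes() removes the backslash
// the user actually typed.
var_dump(stripslashes($raw));

// Leave the input untouched and escape once, where the SQL is built.
$sql = 'INSERT INTO folders (user_id, name) VALUES ('
     . quote_smart_standin(42) . ', '
     . quote_smart_standin($raw) . ')';
echo $sql, "\n";
```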