What is it?
If I can't use mysql_escape_* WTF it is...what do I use to ensure portability?
Thanks a bunch...
p.s- I looked into AdoDB and it has a function called addq() but I can't find the same for adodb lite???
Am I blind?
AdoDB lite addslashes
-
alex.barylski
- DevNet Evangelist
- Posts: 6267
- Joined: Tue Dec 21, 2004 5:00 pm
- Location: Winnipeg
- Technocrat
- Forum Contributor
- Posts: 127
- Joined: Thu Oct 20, 2005 7:01 pm
- AKA Panama Jack
- Forum Regular
- Posts: 878
- Joined: Mon Nov 14, 2005 4:21 pm
addq() is one of those undocumented features that was added to ADOdb at version 4.20.
It is NOT used by anything in the ADOdb package itself and only referenced in the changelog. I didn't add it because it was not a documented feature and probably little used. If you do use it with the mysql database it will NOT call the mysql_real_escape_string function even if it is available.
addq() will return a result WITHOUT single quotes around it.
qstr() will return a result WITH single quotes around it.
If you need to use escape quoting you should use qstr() and adjust your queries accordingly.
Instead of
$db->Execute("SELECT * FROM mytable WHERE id = '" . $db->addq($id) . "'");
you should be using
$db->Execute("SELECT * FROM mytable WHERE id = " . $db->qstr($id));
This will properly escape quote for all databases and use any database specific functions while the addq() will NOT do this.
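The difference between an escape-only helper and a quoting helper, as an added example that is not part of the original post and is not ADOdb or ADOdb Lite code. `escape_only()` and `quote_str()` are hypothetical stand-ins for the two behaviours described above, run against an in-memory SQLite database through PDO (assumes the pdo_sqlite extension is available).

```php
<?php
// Added illustration; escape_only() and quote_str() are stand-ins, not ADOdb code.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE mytable (id TEXT, name TEXT)");
$pdo->exec("INSERT INTO mytable VALUES ('1', 'alice'), ('2', 'bob'), ('o''neil', 'carol')");

// Escapes quote characters but returns the value WITHOUT surrounding quotes.
function escape_only(string $s): string {
    return str_replace("'", "''", $s);
}

// Escapes AND wraps the value in single quotes, using the driver's own routine.
function quote_str(PDO $pdo, string $s): string {
    return $pdo->quote($s);
}

// Runs a query and returns how many rows it matched.
function count_rows(PDO $pdo, string $sql): int {
    return count($pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC));
}

$inputs = ["1", "o'neil", "1 OR 1=1"]; // constructed sample values
foreach ($inputs as $id) {
    // Pattern A: escape-only value, the caller remembers to add the quotes.
    $a = "SELECT * FROM mytable WHERE id = '" . escape_only($id) . "'";
    // Pattern B: escape-only value, the caller forgot the quotes.
    $b = "SELECT * FROM mytable WHERE id = " . escape_only($id);
    // Pattern C: quoted value, there are no quotes for the caller to forget.
    $c = "SELECT * FROM mytable WHERE id = " . quote_str($pdo, $id);

    foreach (['A' => $a, 'B' => $b, 'C' => $c] as $label => $sql) {
        try {
            $n = count_rows($pdo, $sql);
        } catch (PDOException $e) {
            $n = 'SQL error';
        }
        printf("%-10s %s: %-9s %s\n", $id, $label, $n, $sql);
    }
}
```

Pattern B is the failure mode of an escape-only helper: the value is spliced into the statement as SQL rather than as a string literal, so the query either breaks or matches rows it should not.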