Minor update about query format. P.S. We need to use db_query() correctly for cross-database concerns :)

Comments

hswong3i’s picture

Priority: Normal » Critical

Since Oracle/DB2/MSSQL will all perform A LOT OF reserved word rewrite handling on the query BODY, this patch can greatly improve cross-database compatibility. This is because all user input values are escaped, and will not be captured by the rewrite handling.

hswong3i’s picture

Status: new, Size: 3.64 KB

Minor update about %s, thanks to dmitrig01 :)

dmitrig01’s picture

Status: Needs review » Reviewed & tested by the community

gábor hojtsy’s picture

Status: Reviewed & tested by the community » Fixed

I see the general push to move literal stuff out of queries could help database compatibility, although I fail to see in this case what character might be infected by any DB escaping. Anyway, committed just to be in line with this process.

profix898’s picture

Gábor wrote: "I see the general push to move literal stuff out of queries could help database compatibility"

Actually this is not documented anywhere AFAIK, at least it is not documented in the module update handbook page (http://drupal.org/update/modules). With all these SQL-compatibility patches going into core we will have core ready, but you will hardly find any contributed module that will not break your site immediately ;)

gábor hojtsy’s picture

We've discussed this in the installer issue (which AFAIR is not yet committed). This change in policy should definitely be documented.

pwolanin’s picture

Hmmm, this code may need to be cleaned up a little in addition - it assumes the 'navigation' menu - but that was written when we didn't allow the link to move outside of that.

Anonymous’s picture

Status: Fixed » Closed (fixed)