mysql_real_esacpe_string should be prefered over addslashes for the reason of different character encodings.

It has been discussed before http://drupal.org/node/13180#comment-23787 the reason for rejection were version conflicts, that are not present anymore since PHP 4.3.3 is required in HEAD /INSTALL.txt and mysql_real_escape_string exists since 4.3.

However I have added a fallback to addslashes incase no db is established. If that is not necesary it can be removed.

CommentFileSizeAuthor
#1 mysql_real_escape_string_0.patch897 bytesUwe Hermann
mysql_real_escape_string.patch814 bytesThomas Ilsche

Comments

Uwe Hermann’s picture

Uwe Hermann commented
StatusFileSize
new mysql_real_escape_string_0.patch897 bytes

Fixed typos and minor cosmetic issues in the patch. I didn't test if it works, merely if it applies to HEAD.

moshe weitzman’s picture

moshe weitzman commented
Status: Needs review » Reviewed & tested by the community

i see no legitimate reason to hold this one back. if someone does, please change status.

dries’s picture

dries commented
Status: Reviewed & tested by the community » Fixed

Committed a modified version to HEAD.

Anonymous’s picture

(not verified) commented
Status: Fixed » Closed (fixed)