Direct call to database engine functions
kiamlaluno - December 30, 2008 - 22:25
| Project: | Kaltura |
| Version: | 6.x-1.3 |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | closed |
Jump to:
Description
A Drupal module should avoid to directly call functions that are specific for a database engine.
The module calls mysql_escape_string(), but Drupal is thought to be used also with web sites using the PostgreSQL database engine, which would not then have that function available.
Drupal defines many functions which abstract from the database being used.
#1
In the specific case, the function to call should be
db_escape_string().#2
In the function description (in drupal API) it says that this function requires PostgreSQL 7.2 or later.
might it not break on mysql ?
Tested it locally (with mysql) and it works, tried to find documentation saying "pg_escape_string works on mysql too" but couldn't find any...
#3
The documentation can be a little confusing, but it's because it documents only a function, when there is a
db_escape_string()for PostgreSQL, one for MySQL, and one for MySQLi.The system used to create the documentation is not able to create a page for all the functions with the same name, therefore it just creates the documentation page for one of the functions.
Now you will wonder how Drupal can work without to throw an error, having different functions with the same name.
When a Drupal powered web site receive a request for a page, it includes a PHP file that is chosen basing on the database engine being used (which is defined in settings.php; when the database is PostgreSQL, then the file included is database.pgsql, when it's MySQL the file included is database.mysql, and when it's MySQLi the file included is database.mysqli (you can find them under includes in the Drupal root directory.
Rather than creating a single function that checks a parameter, and then execute the right code for the database engine being used, they created a
db_escape_string()for each of the supported databases.For the developer, the important thing is that he doesn't need to call a different function, nor he needs to check which database engine is being used.
#4
OK, the documentation really confused me one this one.
Your point is definitely accepted and this change will be included in the next release
Gonen
#5
Database functions documentation confused me more than once.
To be sure the database function is not only for a database, I read just the description, without to look at the code reported at the bottom of the page; if the function is only for a database, then the description will say for which database engine the function is.
#6
fixed in 6.x-1.4 and 5.x-1.3
#7
Automatically closed -- issue fixed for 2 weeks with no activity.