Announcement

Collapse
No announcement yet.

mysql_real_escape_string

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • mysql_real_escape_string

    I've been trying to incorporate a text cleaning function which used mysql_real_escape_string to escape special characters before updating my DB. However, I notice in the db_mysql.php that there is a similar function for the $DB_Site object.

    Code:
     	function escape_string($string)
     	{
     		// escapes characters in string depending on Characterset
     		return mysql_escape_string($string);
     	}
    I'm probably going to use this method instead - however, I'm slightly concerned as the PHP online manual (http://www.php.net/mysql_escape_string) says that the mysql_escape_string is depreciated since PHP 4.3.0

    Is there a plan to replace this function, and will the call to $DB_Site->escape_string() work with the new function in future?

    thanks

    James Frost.

  • #2
    I was curious about the same thing (which is how I came up with this old thread), as it's still in the 3.5 Beta 2 db class.
    Sphinx Search for vBulletin 4: https://marketplace.digitalpoint.com...tin-4.870/item
    Someone send me a message on Twitter when this site is usable again. https://twitter.com/digitalpoint

    Comment


    • #3
      MySQL class:

      PHP Code:
          /**
          * Constructor. If x_real_escape_string() is available, switches to use that
          * function over x_escape_string().
          */
          
      function vB_Database(&$registry)
          {
              if (
      is_object($registry))
              {
                  
      $this->registry =& $registry;
              }
              else
              {
                  
      trigger_error("vB_Database::Registry object is not an object"E_USER_ERROR);
              }

              if (
      function_exists($this->functions['real_escape_string']))
              {
                  
      $this->functions['escape_string'] = $this->functions['real_escape_string'];
              }
          } 
      The MySQLi class only calls mysqli_real_escape_string()

      Comment


      • #4
        Yeah, I realized that right after I posted that the mysql stuff moved to the core class, and the file I was looking at was leftover from the previous version.
        Sphinx Search for vBulletin 4: https://marketplace.digitalpoint.com...tin-4.870/item
        Someone send me a message on Twitter when this site is usable again. https://twitter.com/digitalpoint

        Comment

        widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
        Working...
        X