On Aug 21, 2007, at 7:50 PM, Rob Church wrote:

> On 22/08/07, Jim Hu <jimhu(a)tamu.edu> wrote:
>> I use mysql_real_escape_string before saving to the database. I use
>> stripslashes when I get it back out.
>
> This is superfluous; no extra slashes are *saved* into the database.

hmm... so that makes it even more mysterious. sigh. When the
slashes go nuts, they're definitely in the database. I assume that
you weren't saying that mysql_real_escape_string is superfluous. Or
is it? I have a feeling that I'm not using the abstraction provided
by the MW database functions properly. For example, the method in my
row class to save back to the database is

    function db_save_row(){
        global $wgTableEditDatabase;
        # $this->row_id set when data previously pulled from database
        # for a row only set in temp space, should be undef
        $dbr =& wfGetDB( DB_SLAVE );
        if ($this->row_data == '') return; # don't save rows with no data or || delimiters
        $this->row_data = mysql_real_escape_string($this->row_data);
        if (!$this->row_id){
            $sql = "INSERT INTO $wgTableEditDatabase.row VALUES(
                null,
                '$this->box_id',
                '$this->owner_uid',
                '$this->row_data',
                '$this->row_style',
                '$this->row_sort_order',
                '".time()."'
                )";
            $result = $dbr->query($sql);
            $this->row_id = $dbr->insertId();
        }elseif($this->is_current === true){
            # it's in the DB and it's current, update it.
            $sql = "UPDATE $wgTableEditDatabase.row SET
                owner_uid='$this->owner_uid',
                row_data='$this->row_data',
                row_style = '$this->row_style',
                row_sort_order = '$this->row_sort_order',
                timestamp = '".time()."'
                WHERE row_id = '$this->row_id'";
            $result = $dbr->query($sql);
        }else{
            # it's in the DB but it's not current. Delete it from the DB
            $sql = "DELETE FROM $wgTableEditDatabase.row WHERE row_id = '$this->row_id'";
            $result = $dbr->query($sql);
        }
        return;
    }

I'm thinking that I should probably be using $dbr->insert
(..arrays..), $dbr->update(.. arrays..), and $dbr->delete(...
arrays...).
Should I be using $dbr->safeQuery instead of mysql_real_escape_string?
I did tell you my code was hacky!!
Jim
=====================================
Jim Hu
Associate Professor
Dept. of Biochemistry and Biophysics
2128 TAMU
Texas A&M Univ.
College Station, TX 77843-2128
979-862-4054
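
An added example, not part of the original message and not MediaWiki code: db_save_row() above writes the escaped string back into $this->row_data, so saving the same object more than once escapes text that is already escaped. The sketch below reproduces that pattern beside a version that binds values as parameters. Assumptions: an in-memory SQLite database through PDO stands in for MySQL, quote doubling (SQLite's escape rule) stands in for mysql_real_escape_string, and the table demo_row, the class Row and the function names are hypothetical.

```php
<?php
// Constructed demo: in-memory SQLite stands in for the wiki's MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE demo_row (row_id INTEGER PRIMARY KEY, row_data TEXT)');
// Stand-in for mysql_real_escape_string(): SQLite escapes ' by doubling it.
function escape_literal(string $s): string {
    return str_replace("'", "''", $s);
}

class Row {
    public $row_id = null;
    public $row_data;
    function __construct(string $data) { $this->row_data = $data; }
    // Pattern from db_save_row(): the escaped text overwrites the property,
    // so the next save escapes the escape characters as well.
    function saveEscapedInPlace(PDO $pdo): void {
        $this->row_data = escape_literal($this->row_data);
        if (!$this->row_id) {
            $pdo->exec("INSERT INTO demo_row (row_data) VALUES ('$this->row_data')");
            $this->row_id = (int)$pdo->lastInsertId();
        } else {
            $pdo->exec("UPDATE demo_row SET row_data = '$this->row_data' WHERE row_id = $this->row_id");
        }
    }

    // Bound parameters: the value never becomes SQL text and is not modified.
    function saveBound(PDO $pdo): void {
        if (!$this->row_id) {
            $pdo->prepare('INSERT INTO demo_row (row_data) VALUES (?)')->execute([$this->row_data]);
            $this->row_id = (int)$pdo->lastInsertId();
        } else {
            $pdo->prepare('UPDATE demo_row SET row_data = ? WHERE row_id = ?')->execute([$this->row_data, $this->row_id]);
        }
    }
}

// Read back exactly what the database holds for one row.
function stored(PDO $pdo, int $id): string {
    $stmt = $pdo->prepare('SELECT row_data FROM demo_row WHERE row_id = ?');
    $stmt->execute([$id]);
    return $stmt->fetchColumn();
}

foreach (['saveEscapedInPlace', 'saveBound'] as $method) {
    $row = new Row("Jim's row");   // constructed sample value
    for ($i = 1; $i <= 3; $i++) {
        $row->$method($pdo);
        echo "$method save $i: ", stored($pdo, $row->row_id), "\n";
    }
}
```

Run it with the PHP command-line interpreter with pdo_sqlite enabled. With saveEscapedInPlace the stored value picks up extra quote characters on every save after the first; with saveBound it stays as entered.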