On Mon, May 11, 2009 at 12:50 PM, Jan Luca <jan(a)jans-seite.de> wrote:
Hello,
should I use mysql_real_escape_string or does the DB class do this automatically?
Regards
jan
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
It doesn't do it automatically, but we've abstracted it into the addQuotes() method that can do it for you (i.e. don't call mysql_real_escape_string() yourself). This way it can be properly abstracted for systems other than MySQL.

Also, when using a LIKE, we've got escapeLike() for sanitizing user input for %'s.

-Chad
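The reason the reply distinguishes addQuotes() from escapeLike() is that quoting a value stops it from breaking out of the SQL string, but a quoted value used in a LIKE pattern still has its `%` and `_` interpreted as wildcards. The following is an added example, not MediaWiki code and not from either poster: it uses Python's sqlite3 with parameter binding to play the addQuotes() role, and a small assumed escape_like() helper plus an ESCAPE clause to play the escapeLike() role, over a constructed user table.

```python
import sqlite3

# Constructed sample rows for the demonstration (not from the thread).
USERS = ["alice", "bob", "100%_done", "carol"]

# Escape character used for the LIKE pattern; SQLite's ESCAPE clause makes
# the following character literal. Chosen here as an assumption.
ESC = "\\"


def escape_like(value: str, esc: str = ESC) -> str:
    """Escape LIKE metacharacters so they match literally.

    This is an assumed stand-alone stand-in for the role of MediaWiki's
    escapeLike(); it is not MediaWiki's implementation. The escape character
    itself is doubled first so an attacker-supplied backslash cannot be used
    to neutralise the escaping of a following % or _.
    """
    return (value.replace(esc, esc + esc)
                 .replace("%", esc + "%")
                 .replace("_", esc + "_"))


def open_db() -> sqlite3.Connection:
    """Create an in-memory table populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (name TEXT)")
    conn.executemany("INSERT INTO user VALUES (?)", [(u,) for u in USERS])
    return conn


def prefix_search_naive(conn: sqlite3.Connection, user_input: str) -> list:
    """Prefix search where the value is only quoted/bound (the addQuotes() role).

    No SQL injection is possible, but % and _ inside user_input are still
    LIKE wildcards, so the caller can widen the match far beyond a prefix.
    """
    rows = conn.execute(
        "SELECT name FROM user WHERE name LIKE ? ORDER BY name",
        (user_input + "%",),
    ).fetchall()
    return [r[0] for r in rows]


def prefix_search_safe(conn: sqlite3.Connection, user_input: str) -> list:
    """Prefix search with LIKE metacharacters escaped (the escapeLike() role).

    The user-controlled part is escaped and the trailing % is the only
    wildcard the query author intended.
    """
    rows = conn.execute(
        "SELECT name FROM user WHERE name LIKE ? ESCAPE '\\' ORDER BY name",
        (escape_like(user_input) + "%",),
    ).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = open_db()
    for probe in ["%", "_", "100%", "100%_"]:
        print(repr(probe), "naive:", prefix_search_naive(db, probe),
              "safe:", prefix_search_safe(db, probe))
```

With a bare `%` as input the naive query returns every row, while the escaped query returns nothing, because no name actually begins with a percent sign; an input such as `100%_` matches only the literal name in both cases, showing that escaping does not lose legitimate matches. MediaWiki's own escapeLike() serves the same purpose as the helper here, so in that code base the helper is the part to replace with the library call rather than to reimplement.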