On Mon, May 11, 2009 at 12:50 PM, Jan Luca <[email protected]> wrote:
> Hello,
>
> should I use mysql_real_escape_string, or does the DB class do this automatically?
>
> Regards,
> jan

It doesn't do it automatically, but we've abstracted it into the addQuotes() method that can do it for you (i.e., don't call mysql_real_escape_string() yourself). This way it can be properly abstracted for systems other than MySQL.

Also, when using a LIKE, we've also got escapeLike() for sanitizing user input for %'s.

-Chad
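
The distinction drawn in the reply above, between quoting a value and escaping LIKE wildcards, shown as an added example that is not part of the original thread and is not MediaWiki code. It assumes PHP's PDO with an in-memory SQLite database as a stand-in for the Database class; `escapeLikeLiteral()`, `findTitles()` and the `page` rows are hypothetical and constructed for illustration.

```php
<?php
// Added example: PDO + in-memory SQLite stand in for MediaWiki's Database class.

// Hypothetical helper (the role escapeLike() plays): make LIKE metacharacters literal.
function escapeLikeLiteral(string $s, string $esc = '\\'): string
{
    // Escape the escape character first, then the two LIKE wildcards.
    return str_replace(
        [$esc, '%', '_'],
        [$esc . $esc, $esc . '%', $esc . '_'],
        $s
    );
}

// Hypothetical prefix search over a constructed "page" table.
function findTitles(PDO $db, string $userPrefix): array
{
    // The bound parameter handles quoting (the role addQuotes() plays);
    // wildcard escaping is a separate step, and the trailing % is ours.
    $stmt = $db->prepare(
        "SELECT title FROM page WHERE title LIKE :pat ESCAPE '\\' ORDER BY title"
    );
    $stmt->execute([':pat' => escapeLikeLiteral($userPrefix) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE page (title TEXT)');

// Constructed sample rows.
$ins = $db->prepare('INSERT INTO page (title) VALUES (?)');
foreach (['Main_Page', 'MainXPage', '100%_done', '100 percent', "O'Brien"] as $t) {
    $ins->execute([$t]);
}

// Quoting only: "_" in the input still acts as a one-character wildcard.
$quotedOnly = $db->prepare('SELECT title FROM page WHERE title LIKE ? ORDER BY title');
$quotedOnly->execute(['Main_' . '%']);
echo "quoted only:  ", implode(', ', $quotedOnly->fetchAll(PDO::FETCH_COLUMN)), "\n";

// Quoted and LIKE-escaped: the same inputs are matched literally.
foreach (['Main_', '100%', "O'"] as $input) {
    echo "escaped [$input]: ", implode(', ', findTitles($db, $input)), "\n";
}
```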
