I mean when I use the DB class(Database::select an Database:insert). -----Ursprüngliche Nachricht----- Von: [email protected] [mailto:[email protected]] Im Auftrag von Brion Vibber Gesendet: Montag, 11. Mai 2009 19:06 An: Wikimedia developers Betreff: Re: [Wikitech-l] Is mysql_real_escape_string needed?
El 5/11/09 9:50 PM, Jan Luca escribió: > should I use mysql_real_escape_string or do the DB class this automatically? Generally you should be using the database wrapper functions, which in most cases will do escaping when generating queries. See docs: http://www.mediawiki.org/wiki/Manual:Database_access When you do manually generate some SQL you might need to quote manually, in which case you should use the addQuotes() or strencode() methods on your database access rather than using MySQL functions directly, since we support PostgreSQL and (in theory) other DB backends as well. -- brion _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
