Hello,

I have just seen: if $mode = LIST_COMMA is used in Database::makeList() (Database::insert uses $mode = LIST_COMMA), then the function $this->addQuotes( $value ) is called, so you don't need to escape your input manually.

Line: 1436 in function makeList( $a, $mode = LIST_COMMA ), lines 1390-1440 in includes/db/Database.php

Regards,
jan

-----Original Message-----
From: [email protected] [mailto:[email protected]] On behalf of Chad
Sent: Monday, 11 May 2009 19:40
To: Wikimedia developers
Subject: Re: [Wikitech-l] Is mysql_real_escape_string needed?

Yes, you need to escape all input before doing select or insert. However, the database has helper functions to help you do it, you don't need to be calling mysql_real_escape_string() directly.

-Chad

On Mon, May 11, 2009 at 1:37 PM, Jan Luca <[email protected]> wrote:
> I mean when I use the DB class (Database::select and Database::insert).
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On behalf of Brion Vibber
> Sent: Monday, 11 May 2009 19:06
> To: Wikimedia developers
> Subject: Re: [Wikitech-l] Is mysql_real_escape_string needed?
>
> On 5/11/09 9:50 PM, Jan Luca wrote:
>> should I use mysql_real_escape_string or does the DB class do this automatically?
>
> Generally you should be using the database wrapper functions, which in
> most cases will do escaping when generating queries. See docs:
>
> http://www.mediawiki.org/wiki/Manual:Database_access
>
> When you do manually generate some SQL you might need to quote manually,
> in which case you should use the addQuotes() or strencode() methods on
> your database access rather than using MySQL functions directly, since
> we support PostgreSQL and (in theory) other DB backends as well.
>
> -- brion
>
> _______________________________________________
> Wikitech-l mailing list
> [email protected]
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
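
The quoting path discussed in this thread, as an added example that is not part of the original messages and is not MediaWiki's own code. MiniDatabase is a hypothetical, simplified stand-in for the wrapper, and in-memory SQLite through PDO (with PDO::quote() doing the escaping) is an assumed backend so the example runs offline:

```php
<?php
// Added example: simplified stand-in for the wrapper path discussed in the thread.
// MiniDatabase is hypothetical, not MediaWiki's Database class; SQLite via PDO is assumed.
const LIST_COMMA = 0; // constant name from the thread; the value here is arbitrary

class MiniDatabase {
    private $pdo;

    public function __construct( PDO $pdo ) {
        $this->pdo = $pdo;
    }

    // Quote one value; PDO::quote() stands in for backend-specific escaping.
    public function addQuotes( $value ) {
        return $value === null ? 'NULL' : $this->pdo->quote( (string)$value );
    }

    // Comma mode: every value goes through addQuotes() before joining.
    public function makeList( array $a, $mode = LIST_COMMA ) {
        if ( $mode !== LIST_COMMA ) {
            throw new InvalidArgumentException( 'only LIST_COMMA is modelled' );
        }
        return implode( ',', array_map( [ $this, 'addQuotes' ], $a ) );
    }

    // Values are quoted; table and column names are not, so in this model they
    // must be fixed in code and never taken from request input.
    public function insert( $table, array $row ) {
        $sql = "INSERT INTO $table (" . implode( ',', array_keys( $row ) )
            . ') VALUES (' . $this->makeList( array_values( $row ) ) . ')';
        $this->pdo->exec( $sql );
        return $sql;
    }
}

$pdo = new PDO( 'sqlite::memory:' );
$pdo->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$pdo->exec( 'CREATE TABLE notes (author TEXT, body TEXT)' );
$db = new MiniDatabase( $pdo );

// Constructed input containing quote characters and SQL syntax.
$body = "x'); DROP TABLE notes; --";
echo $db->insert( 'notes', [ 'author' => "O'Brien", 'body' => $body ] ), "\n";

// Check that the value round-trips unchanged and count the rows in the table.
$stored = $pdo->query( 'SELECT body FROM notes' )->fetchColumn();
var_dump( $stored === $body );
var_dump( (int)$pdo->query( 'SELECT COUNT(*) FROM notes' )->fetchColumn() );
```

The printed INSERT statement shows each value wrapped and escaped by addQuotes() before it reaches the database, which is why callers of the wrapper pass raw values rather than pre-escaped ones.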
