• Dries's avatar
    · fa978390
    Dries authored
    - Patch 13180 by chx: renamed check_query() to db_escape_string() and implemtented it properly per database backend.
    
      Read the manual for pg_escape_string:  "Use of this function is recommended instead of addslashes()." Or read sqlite_escape_string: "addslashes() should NOT be used to quote your strings for SQLite queries; it will lead to strange results when retrieving your data."
    fa978390
book.module 32.4 KB