Revision 1309 - mysql_real_escape_string

Discussion in 'Developers' Forum' started by moglia, Aug 11, 2009.

  1. moglia

    moglia New Member

    Sugestion about Revision 1309. Fixed: FS#754 - mailfilter problem

    mysql_real_escape_string used direct without
    abstraction database layer.

    $mailuser = $app->db->queryOneRecord("SELECT sys_groupid, custom_mailfilter FROM mail_user WHERE mailuser_id = ".$this->dataRecord["mailuser_id"]);
    $rule_content = $mailuser['custom_mailfilter']."\n".$app->db->quote($this->getRule());

    I see db class you can not use $app->db->quote insted mysql_real_escape_string.

    $rule_content = mysql_real_escape_string($rule_content);

    $rule_content = $app->db->quote($rule_content)

    turns code portable to another database is it´s necessary.

    if not possible use $app->db->quote i sugest
    create another method in class to do it.

    Im folow code revisions to learn and soon as possible test some features every day.

  2. till

    till Super Moderator Staff Member ISPConfig Developer

    I've changed that.

Share This Page