View Issue Details

IDProjectCategoryView StatusLast Update
0004911mantisbtsqlpublic2004-12-11 03:02
Reportervboctor Assigned Tovboctor  
PrioritynormalSeverityblockReproducibilityalways
Status closedResolutionfixed 
Product Versiongit trunk 
Fixed in Version0.19.2 
Summary0004911: db_prepare_string() doesn't work with mysqli
Description

Environment:

  • Apache 2
  • PHP 5.0.2
  • MySQLi 4.1.7

The updated code for the handling of mysqli in db_prepare_string() is as follows:

For some reason mysqli_escape_string( $p_string ) always returns an empty

string. This is happening with PHP v5.0.2.

@@@ Consider using ADODB escaping for all databases.

case 'mysqli':
$t_escaped = $g_db->qstr( $p_string, false );
return substr( $t_escaped, 1, strlen( $t_escaped ) - 2 );

TagsNo tags attached.

Relationships

related to 0003457 closedvboctor PHP5 issues 
child of 0004818 closedvboctor Mantis 0.19.2 release 

Activities

jlatour

jlatour

2004-11-29 16:31

reporter   ~0008444

Isn't this a bug with PHP/MySQLi then?

Is there any reason against not using ADODB escaping for all databases?

vboctor

vboctor

2004-11-30 04:58

manager   ~0008449

I am not aware of a reason why we shouldn't use ADODB. The only trick is that ADODB puts the prepared string inside quotes, while our code assumes the quotes are not added. Hence, a work around would be to have db_prepare_string() remove the quotes, like what I implemented for MySQLi. But I guess this can be done as a separate issue.

jlatour

jlatour

2004-12-01 15:58

reporter   ~0008486

Or change the assumption?