Hi, I want to add mysql_real_escape_string to the query function, I'm just not sure exactly where would be the best place for it.
I cannot replace my mysql_escape_string in the files themselves because, since it requires a db connection, it fails even if I put it after the $db new class call.
So I am left with placing it in at the source and in the query function itself; I'm just not 100% sure where would be best.
Here is the function.
PHP Code:
/* public: perform a query */
function query($Query_String) {
    /* No empty queries, please, since PHP4 chokes on them. */
    if ($Query_String == "")
        /* The empty query string is passed on from the constructor,
         * when calling the class without a query, e.g. in situations
         * like these: '$db = new DB_Sql_Subclass;'
         */
        return 0;

    if (!$this->connect()) {
        return 0; /* we already complained in connect() about that. */
    };

    # New query, discard previous result.
    if ($this->Query_ID) {
        $this->free();
    }

    if ($this->Debug)
        printf("Debug: query = %s<br>\n", $Query_String);

    $this->Query_ID = @mysql_query($Query_String,$this->Link_ID);
    $this->Row   = 0;
    $this->Errno = mysql_errno();
    $this->Error = mysql_error();
    if (!$this->Query_ID) {
        $this->halt("Invalid SQL: ".$Query_String);
    }

    # Will return nada if it fails. That's fine.
    return $this->Query_ID;
}
And this is the free function where I was considering adding the escape.
PHP Code:
/* public: discard the query result */
function free() {
    @mysql_free_result($this->Query_ID);
    $this->Query_ID = 0;
}
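Added example (not part of the original post, and not the poster's class): where the escape call sits matters, because escaping the finished statement inside query() also escapes the quotes that delimit each literal, while escaping each value as the statement is built does not. `DemoDb`, `escape()`, `demo_escape()` and the `users` table are assumptions made up for this sketch; `demo_escape()` stands in for `mysql_real_escape_string()` so the script runs without a server.

```php
<?php
// Added example. DemoDb is a constructed stand-in that mirrors the lazy
// connect()/Link_ID pattern of the class in the post above.

// Stand-in for mysql_real_escape_string() so this runs without a server:
// it backslash-escapes the same characters (NUL, \n, \r, \, ', ", Ctrl-Z).
function demo_escape($value) {
    return strtr($value, array(
        "\\" => "\\\\", "\0" => "\\0", "\n" => "\\n", "\r" => "\\r",
        "'" => "\\'", '"' => '\\"', "\x1a" => "\\Z",
    ));
}

class DemoDb {
    var $Link_ID = 0;

    // Hypothetical: the real class opens the MySQL link here.
    function connect() {
        if (!$this->Link_ID) {
            $this->Link_ID = 1;
        }
        return $this->Link_ID;
    }

    // Hypothetical helper: escape ONE value. It connects first, so it
    // also works right after "new", before any query has been run.
    function escape($value) {
        if (!$this->connect()) {
            return false;
        }
        return demo_escape($value);
    }
}

$db   = new DemoDb;
$name = "O'Reilly";   // constructed sample input

// Escaping the finished statement (what a call inside query() would do)
// also escapes the quotes around the literal, so the SQL no longer parses.
$whole = demo_escape("SELECT id FROM users WHERE name = '$name'");
echo $whole, "\n";

// Escaping the value while the statement is built keeps the delimiters.
$built = "SELECT id FROM users WHERE name = '" . $db->escape($name) . "'";
echo $built, "\n";
```

In the real class the body of `escape()` would return `mysql_real_escape_string($value, $this->Link_ID)` once `connect()` succeeds. Prepared statements in mysqli or PDO remove the need for manual escaping altogether.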