[imp] problems with single quotes
Brent J. Nordquist
bjn@horde.org
Wed, 18 Oct 2000 09:20:06 -0500 (CDT)
On Mon, 16 Oct 2000, Chuck Hagenbuch <chuck@horde.org> wrote:
> > I've checked the SQL statements that are sent to the database, and
> > it's definitely that the quotes are prematurely ending the SQL
> > statement ie:
> >
> > INSERT into imp_pref(username,sig) values('mkb@bar','Matt Kane's Brain');
>
> What db lib are you using? Sounds like it's not calling addslashes
> appropriately...
Very strange. Chuck is right; prefs.php3 calls imp_set_fullname with an
argument that uses addslashes($quoted) to protect the single-quotes. So
every db.* version of imp_set_fullname will get a quoted value; shouldn't
matter what database is being used. Using single-quotes in fullname is
working here with 2.2 and MySQL; I don't have Oracle/OCI so I can't test
that.
Can you insert some echo's in prefs.php3 and db.oci8 and try to see where
the quotes are appearing and where they aren't? Is it possible that
Oracle SQL is eating the backslash?
--
Brent J. Nordquist <bjn@horde.org>
Yahoo!: Brent_Nordquist / AIM: BrentJNordquist / ICQ: 76158942