Closed (fixed)
Project:
Drupal core
Version:
6.x-dev
Component:
database system
Priority:
Critical
Category:
Bug report
Assigned:
Reporter:
Created:
12 Aug 2007 at 05:11 UTC
Updated:
4 Sep 2007 at 11:31 UTC
Jump to comment: Most recent file
Comments
Comment #1
hswong3i commentedsince both Oracle/DB2/MSSQL will preform A LOT OF reserved word rewrite handling to query BODY, this patch can greatly improve the ability of cross database compatibility. This is because all user input values are escaped, and will not capture by rewrite handling.
Comment #2
hswong3i commentedminor update about %s, thanks for dmitrig01 :)
Comment #3
dmitrig01 commentedComment #4
gábor hojtsyI see the general push to move literal stuff out of queries could help database compatibility, although fail to see in this case, what character might be infected by any DB escaping. Anyway, committed just to be in-line with this process.
Comment #5
profix898 commentedGábor wrote : "I see the general push to move literal stuff out of queries could help database compatibility"
Actually this is not documented anywhere AFAIK, at least it is not documented in the module update handbook page (http://drupal.org/update/modules). With all these SQL-compatibility patches going into core we will have core ready, but you will hardly find any contributed module that will not break your site immediately ;)
Comment #6
gábor hojtsyWe'v discussed this in the installer issue (which AFAIR is not yet committed). This change in policy should definitely be documented.
Comment #7
pwolanin commentedhmmm, this code may need to be cleaned up a little in addition - it assumes the 'navigation' menu- but that was written when we didn't allow the link to move outside of that.
Comment #8
(not verified) commented