Finally!

New CodeIgniter version 1.5.4 finally fixed its MySQL library. CI is a great framework, but I had that MySQL bug for ages. I found it in 1.5.0 when I was working on my previous project.

They used some lame stuff with magic_quotes and addslashes to escape strings, and it worked in many cases of trivial text data and didn't work in many more cases when the data was more complex. I did a fix for my CI installation, was going to file a bug and submit a patch, but someone did that before me. It was in early 2007.

And now they finally fixed that in a release. And even more: they got rid of that nasty little magic quotes stuff. From now on, if magic_quotes_gpc is on, CI uses stripslashes, so all data inside it is always unquoted.

I'm really glad about it, as I almost started thinking CodeIgniter is abandoned, and was going to switch to its community branch, Kohana.

See CodeIgniter Changelog for more details.


Category: work Words: code igniter, mysql, injection, fix
