I could be dead wrong on this – I’m not an expert in the ADOdb codebase, but I don’t seem able to find the all useful data escaping functions of ADOdb. There is a “qstr” function which appears to perform some escaping, as well as smart quoting of strings – but not much else. No mention of pg_escape_string (or its mysql counterpart). Without a detailed look I’m passing over qstr entirely, and using my own escaping functions instead. Of course that means I have to push in database abstraction rather than rely on the library supposedly doing this for me.

ADOdb Lite has the same issue I believe. Although it might be easier there to plugin a proper native function module for escaping (and probably smart quoting). I think normal escaping and qstr() could cause double escaping. Might test that later.

All I need now is for someone to pop up and explain just how wrong I am – that would actually be a relief…;-)

Quantum Star SE; hey, quit raising the eyebrows. The man is working on that final 0.13 set of changes. I also started adding signups and logins back into the codebase. Expect a final weekend release for testing – after that it’s time to tackle the database table classes and getting the basic location page functionality ported in from the 0.6 pre-alpha I released last April.