On Tue, 19 May 2009 06:51:05 +0200 Christian Grobmeier <[email protected]> wrote:
> Hi Christian, > > > I've not read the code completely but shouldn't there be a quote() or > > something around the insert statement? Although this is just the > > template, the single quote indicate at least that $sth->quote() is > > not used. > > i am not sure what you mean with the above? I fear that if I log a message that contains a single quote the SQL query you build will produce an SQL syntax error. The quote() function (http://de2.php.net/manual/en/pdo.quote.php) puts backslashes before every quote and then a pair of single quotes around the result so you would have the diff: - VALUES ('%d','%c','%p','%m','%t','%F','%L')"; + VALUES (%d,%c,%p,%m,%t,%F,%L)"; > > BTW, as you're aiming for speed, did you consider a PDO Prepared > > Statement? > > you are right, a PS would fit better in most cases. If you have some > cycles, I would apply all patches you bring in :-) Hm.. I try to find time but don't be too optimistic :) bye, -christian- > Cheers, > Christian > > > > > bye, > > > > -christian- > > > > > > Am Thu, 07 May 2009 06:29:31 -0000 > > schrieb [email protected]: > > > >> Author: grobmeier > >> Date: Thu May 7 06:29:28 2009 > >> New Revision: 772512 > > ... > >> + public function activateOptions() { > > ... > >> + > >> + if($this->sql == '' || $this->sql == null) { > >> + $this->sql = "INSERT INTO $this->table ( timestamp, " . > >> + > >> > >> "logger, > >> " . > >> + > >> > >> "level, > >> " . > >> + > >> > >> "message, > >> " . > >> + > >> > >> "thread, > >> " . > >> + > >> > >> "file, > >> " . > >> + > >> > >> "line" . > >> + ") VALUES > >> ('%d','%c','%p','%m','%t','%F','%L')"; > >> + } > >> + > >
