From d16bab12339fe2746e1ead72ba96351c3423c27c Mon Sep 17 00:00:00 2001
From: Derek Jones
Date: Wed, 24 Sep 2008 18:22:03 +0000
Subject: added removal of non-printing characters to escape_str() of drivers
that do not have native PHP escaping mechanisms
---
user_guide/changelog.html | 6 ++++++
1 file changed, 6 insertions(+)
(limited to 'user_guide')
diff --git a/user_guide/changelog.html b/user_guide/changelog.html
index bad3d089e..94e41a893 100644
--- a/user_guide/changelog.html
+++ b/user_guide/changelog.html
@@ -74,6 +74,12 @@ SVN Revision: XXXX
Changed the output of the profiler to use style attribute rather than clear, and added the id "codeigniter_profiler" to the container div
+ Database
+
+ - Added removal of non-printing control characters in escape_str() of DB drivers that do not have native PHP escaping mechanisms (mssql, oci8, odbc), to avoid
+ potential SQL errors, and possible sources of SQL injection.
+
+
Helpers
- Added several new "setting" functions to the Form helper that allow POST data to be retrieved and set into forms. These are intended to be used on their own, or with the new Form Validation Class.
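Review bot: The new Database entry does not say which characters count as "non-printing control characters", nor that removing them silently changes the value that reaches the database on mssql, oci8 and odbc. Anyone passing binary or otherwise unusual data through escape_str() on those drivers needs to know this, so the entry should name the stripped characters and flag it as a behaviour change. The closing phrase "to avoid potential SQL errors, and possible sources of SQL injection" has a stray comma and can be read as a claim that the stripping makes escape_str() a complete injection defence on these drivers; something like "to avoid potential SQL errors and reduce possible sources of SQL injection" is more accurate. The diffstat is limited to 'user_guide', so the driver changes this entry describes are not visible here and the wording cannot be checked against the code in this view.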
--
cgit v1.2.3-24-g4f1b