Zebra_Database::escape PHP Method

Zebra_Database Class Documentation Show file Open project: stefangabos/zebra_database

escape() public method

This method also encloses given string in single quotes! Works even if {@link http://www.php.net/manual/en/info.configuration.php#ini.magic-quotes-gpc magic_quotes} is ON. use the method in a query THIS IS NOT THE RECOMMENDED METHOD! $db->query(' SELECT * FROM users WHERE gender = "' . $db->escape($gender) . '" '); the recommended method (variable are automatically escaped this way) $db->query(' SELECT * FROM users WHERE gender = ? ', array($gender));
public escape ( string $string ) : string
$string string String to be quoted and escaped. @return string Returns the quoted string with special characters escaped in order to prevent SQL injections. .
return string 
    function escape($string)
    {
        // if an active connection exists
        if ($this->_connected()) {
            // if "magic quotes" are on, strip slashes
            if (get_magic_quotes_gpc()) {
                $string = stripslashes($string);
            }
            // escape and return the string
            return mysqli_real_escape_string($this->connection, $string);
        }
        // upon error, we don't have to report anything as _connected() method already did
        // just return FALSE
        return false;
    }
Zebra_Database
__construct
__destruct
_build_columns
_build_sql
_connected
_fix_pow
_is_mysql_function
_is_result
_log
close
connect
dcount
delete
dlookup
dmax
dsum
error
escape
fetch_assoc
fetch_assoc_all
fetch_obj
fetch_obj_all
free_result
get_columns
get_link
get_selected_database
get_table_columns
get_table_status
get_tables
halt
implode
insert
insert_bulk
insert_id
insert_update
language
optimize
parse_file
query
seek
select
set_charset
show_debug_console
table_exists
transaction_complete
transaction_start
truncate
update
write_log