public static function substitute($sql, $params)
{
return preg_replace_callback('/[\'?]/', new ParameterPlaceHolderCallback($params), $sql);
} /**
* @test
*/
public function shouldQuoteParams()
{
//given
$sql = "select * from users where surname = ?";
$param = "' or '1' = '1";
//when
$result = PreparedStatementEmulator::substitute($sql, array($param));
//then
Assert::thatString($result)->isEqualTo("select * from users where surname = " . Db::getInstance()->_dbHandle->quote($param));
}
