/**
 * Replaces the `?` placeholders in $sql using ParameterPlaceHolderCallback.
 *
 * The pattern deliberately matches single quotes as well as `?`, so the
 * callback is invoked for every `'` too — presumably so it can distinguish a
 * real placeholder from a `?` that sits inside a string literal (confirm
 * against ParameterPlaceHolderCallback before relying on that).
 *
 * @param string $sql    query text containing `?` placeholders
 * @param array  $params values handed to the callback for substitution
 * @return string|null   the substituted query, or null if preg_replace_callback fails
 */
public static function substitute($sql, $params)
{
    $placeholderOrQuote = '/[\'?]/';
    $replacer = new ParameterPlaceHolderCallback($params);
    return preg_replace_callback($placeholderOrQuote, $replacer, $sql);
}
/**
 * @test
 *
 * Checks that a parameter containing quote characters is emitted as a single
 * driver-quoted literal, i.e. the emulated placeholder cannot be used to break
 * out of the string in the generated SQL. The expected value is whatever the
 * DB handle's own quote() produces for the same input.
 */
public function shouldQuoteParams()
{
    //given
    $query = "select * from users where surname = ?";
    $hostileValue = "' or '1' = '1";

    //when
    $substituted = PreparedStatementEmulator::substitute($query, [$hostileValue]);

    //then
    $quotedValue = Db::getInstance()->_dbHandle->quote($hostileValue);
    $expected = "select * from users where surname = " . $quotedValue;
    Assert::thatString($substituted)->isEqualTo($expected);
}