Sanitize a string by escaping the characters that could cause an SQL injection attack; the escaped value is returned already wrapped in single quotes.
// The returned string is already escaped and wrapped in single quotes,
// so it goes into the SQL text as-is; do not add quotes around it.
$value = $db->escape('any string');
string Driver_Database_Driver_MySQLI::escape( string $value )
参数列表
参数 类型 描述 默认值 $value
string
Value to quote
string
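/**
 * Escape a value for use as a string literal in a MySQL statement and
 * return it wrapped in single quotes.
 *
 * The result already carries its surrounding quotes, so callers must not
 * add their own. The escaping only protects a quoted string literal: it
 * does not make a value safe as an identifier (table or column name) or
 * as a keyword, and it leaves the LIKE wildcards % and _ untouched.
 *
 * NOTE(review): mysqli_real_escape_string() escapes according to the
 * connection's character set, which has to be set with
 * mysqli_set_charset() (or at server level) rather than by a "SET NAMES"
 * query. Where that happens is not visible in this listing; confirm it in
 * connection().
 *
 * @param string $value Value to quote
 * @return string The escaped value enclosed in single quotes
 * @throws Exception If mysqli_real_escape_string() reports failure
 */
public function escape($value)
{
    $connection = $this->connection();

    // NOTE(review): presumably converts $value (taken by reference) to the
    // connection's character set before escaping. The helper is defined
    // outside this listing; confirm.
    $this->_change_charset($value);

    $escaped = mysqli_real_escape_string($connection, $value);

    if ($escaped === false)
    {
        // Exception takes (string message, int code). The original passed
        // the error text as the code, which itself fails with a type error
        // and hides the real database error. Text goes in the message and
        // the numeric errno in the code.
        throw new Exception('Error:' . mysqli_error($connection), mysqli_errno($connection));
    }

    return "'$escaped'";
}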