Sanitize a string by escaping characters that could cause an SQL injection attack.
$value = $db->escape('any string');
string Driver_Database_Driver_Postgre::escape( string $value )
参数列表
参数 类型 描述 默认值 $valuestringValue to quote
string public function escape($value)
{
$this->_change_charset($value);
if (is_array($value))
{
foreach ($value as $key => $val)
{
$value[$key] = $this->escape($val);
}
return $value;
}
elseif (is_string($value) || (is_object($value) && method_exists($value, '__toString')))
{
return "'". pg_escape_string($value) ."'";
}
elseif (is_bool($value))
{
return ($value === false) ? 0 : 1;
}
elseif ($value === null)
{
return 'NULL';
}
return $value;
}