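Sanitize a value for use in an SQL statement by escaping characters that could cause an SQL injection attack. Strings are returned already wrapped in single quotes, so the result is inserted into the query as a complete literal; arrays are escaped element by element.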
$value = $db->escape('any string');
string Driver_Database_Driver_Postgre::escape( string $value )
参数列表
参数 类型 描述 默认值 $value
string
Value to quote
string
/**
 * Turn a PHP value into a form that can be placed in a PostgreSQL statement
 * as a literal value.
 *
 * Handling per type:
 *  - array: every element is escaped recursively, keys are kept
 *  - string, or object exposing __toString(): escaped with pg_escape_string()
 *    and wrapped in single quotes
 *  - bool: integer 0 or 1
 *  - null: the bare keyword string NULL
 *  - anything else: returned unchanged and unquoted
 *
 * The result is a value literal only. It is not safe for table or column
 * names, which need identifier quoting (e.g. pg_escape_identifier()).
 *
 * NOTE(review): the fall-through branch hands back ints, floats and any other
 * type exactly as received. Callers that build SQL by concatenation rely on
 * those values really being numeric; nothing here enforces it.
 *
 * NOTE(review): pg_escape_string() is called without a connection handle, so
 * escaping follows the default (last opened) connection and its client
 * encoding. That call form is deprecated as of PHP 8.1; passing the driver's
 * own connection would tie escaping to the connection the query runs on.
 *
 * @param   mixed  $value  Value to quote
 * @return  mixed  Escaped value, or an array of escaped values
 */
public function escape($value)
{
    // Defined elsewhere in the driver; presumably converts the value to the
    // database charset in place (by reference) - confirm against its signature.
    $this->_change_charset($value);

    if (is_array($value))
    {
        // Build the result separately; keys and their order are kept as-is.
        $escaped = array();
        foreach ($value as $index => $item)
        {
            $escaped[$index] = $this->escape($item);
        }

        return $escaped;
    }

    $is_stringable = is_object($value) && method_exists($value, '__toString');
    if (is_string($value) || $is_stringable)
    {
        // The surrounding quotes are part of the return value: callers must
        // not add their own.
        $quoted = "'" . pg_escape_string($value) . "'";

        return $quoted;
    }

    if (is_bool($value))
    {
        // Booleans are sent as integers, not as TRUE/FALSE keywords.
        return $value ? 1 : 0;
    }

    if ($value === null)
    {
        return 'NULL';
    }

    // Numbers and every other type pass through untouched.
    return $value;
}