Differences

This shows you the differences between two versions of the page.

--- reference:qstr [2015/07/19 06:59] – created mnewnham
+++ v5:reference:connection:qstr [2018/07/16 19:38] – start functions lowercase peterdd
@@ Line 2: / Line 2: @@
 ~~NOTOC~~
 <WRAP right box>
+== See Also ==
+[[v5:reference:connection:addq|addQ()]]\\
 == Syntax ==
   string qStr(
-         string $unquoted
+         string $unquoted,
+         optional bool $dontFixQuotes=false
          )
 </WRAP>
 ==== Description ====
-The function ''qStr()'' takes an input string, and allows it to be appropriately quoted to a database-specific standard. If the string itself contains quotes, they are escaped in the correct way. The field can then be used, for example in an SQL statement.
+The function ''qStr()'' takes an input string, and allows it to be:
+  - Wrapped in single quotes.The value can then be used, for example in an SQL statement.
+  - Have quotes inside the string escaped in a way that is appropriate for the database. This is done wherever possible using PHP driver functions e.g. [[http://php.net/manual/en/mysqli.real-escape-string.php|MySQL real_escape_string]]. The second parameter, ''$dontFixQuotes'' stops any internal quoting happening, This parameter was mostly used in older versions of PHP when the now removed ''magic_quotes'' parameter was enabled, and the 2 methods were in conflict.
+------------------------------
 ==== Usage ====
 <code php>
@@ Line 16: / Line 23: @@
 $SQL = "SELECT * FROM names WHERE name='$string'";
-$result = $db->Execute($SQL);
+$result = $db->execute($SQL);
 /*
@@ Line 30: / Line 37: @@
 $SQL = "SELECT * FROM names WHERE name=$qString";
-$result = $db->Execute($SQL);
+$result = $db->execute($SQL);
 /*
- * Execution Succeeds
+ * Execution succeeds
  */
 </code>