v5:reference:connection:addq
Differences
This shows you the differences between two versions of the page.
reference:addq [2016/01/07 04:04] – created mnewnham | v5:reference:connection:addq [2017/05/17 19:06] – [Usage] mnewnham | ||
---|---|---|---|
Line 2: | Line 2: | ||
~~NOTOC~~ | ~~NOTOC~~ | ||
<WRAP right box> | <WRAP right box> | ||
- | == See Also -- | + | ==See Also== |
- | [[refrence:qStr()]]\\ | + | [[v5:reference: |
== Syntax == | == Syntax == | ||
string addQ( | string addQ( | ||
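Review bot: the replacement heading on the `+` side, `==See Also==`, drops the inner spaces that the neighbouring `== Syntax ==` heading keeps. Write it as `== See Also ==` so the headings in this block follow one style.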
Line 11: | Line 11: | ||
</ | </ | ||
==== Description ==== | ==== Description ==== | ||
- | The function '' | + | The function '' |
- | - Wrapped in single quotes.The value can then be used, for example in an SQL statement. | + | This method |
- | - Have quotes inside the string escaped in a way that is appropriate for the database. | + | |
------------------------------ | ------------------------------ | ||
Line 29: | Line 28: | ||
*/ | */ | ||
- | $qString = $db->qStr($string); | + | $qString = $db->addQ($string); |
/* | /* | ||
Line 43: | Line 42: | ||
*/ | */ | ||
</ | </ | ||
+ | ==== Using qStr With Bind ==== | ||
+ | This example shows a completely database independent bind variable statement with special character escaping, providing strong resistance to SQL injection. | ||
+ | <code php> | ||
+ | $p1 = $db-> | ||
+ | $p2 = $db-> | ||
+ | |||
+ | /* | ||
+ | * Provide internal escaping of ' characters | ||
+ | */ | ||
+ | $qStringField = $db-> | ||
+ | $bind = array(' | ||
+ | ' | ||
+ | |||
+ | $SQL = " | ||
+ | FROM some_table | ||
+ | WHERE integer_field=$p1 | ||
+ | AND string_field=$p2"; | ||
+ | |||
+ | $result = $db-> | ||
+ | </ |
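Review bot: the new heading reads "Using qStr With Bind", yet this is the addQ page and the usage example at Line 29 was changed from qStr to addQ in this same revision. Name the method that the `$qStringField = $db->` line actually calls, so heading and code agree. The comment "Provide internal escaping of ' characters" also sits directly ahead of the `$bind` array. If the escaped value is what gets bound, the text should say so and note which drivers that is safe for, since a driver that binds natively would store the escape characters literally, and the "completely database independent" sentence does not cover that case.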
v5/reference/connection/addq.txt · Last modified: 2021/01/25 03:00 by mnewnham