v5:reference:connection:addq

v5:reference:connection:addq [2017/05/17 18:58] mnewnhamv5:reference:connection:addq [2021/01/25 03:00] (current) mnewnham
Line 6: Line 6:
 == Syntax == == Syntax ==
   string addQ(   string addQ(
-         string $unquoted, +         string $unquotedText
-         optional bool $dontFixQuotes=false+
          )          )
 </WRAP> </WRAP>
Line 22: Line 21:
 $SQL = "SELECT * FROM names WHERE name='$string'"; $SQL = "SELECT * FROM names WHERE name='$string'";
  
-$result = $db->Execute($SQL);+$result = $db->execute($SQL);
  
 /* /*
Line 36: Line 35:
 $SQL = "SELECT * FROM names WHERE name='$qString'"; $SQL = "SELECT * FROM names WHERE name='$qString'";
  
-$result = $db->Execute($SQL);+$result = $db->execute($SQL);
  
 /* /*
- * Execution Succeeds+ * Execution succeeds
  */  */
 </code> </code>
 +==== Using qStr With Bind ====
 +This example shows a completely database independent bind variable statement with special character escaping, providing strong resistance to SQL injection.
 +<code php>
 +$p1 = $db->param('p1');
 +$p2 = $db->param('p2');
 +
 +/*
 +* Provide internal escaping of ' characters
 +*/
 +$qStringField = $db->addQ($stringField);
  
 +$bind = array('p1'=>$integerField,
 +       'p2'=>$qStringField);
 +
 +$SQL = "SELECT *
 + FROM some_table 
 +       WHERE integer_field=$p1
 + AND string_field=$p2";
 +
 +$result = $db->execute($SQL,$bind);
 +</code>
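Review bot: In the added "Using qStr With Bind" example, `$stringField` is escaped with `addQ()` and then also passed as a bound value, so the escape characters would most likely be treated as literal data by the driver; a value containing `'` would then be compared or stored in its escaped form (this depends on how the driver binds, so it should be confirmed per driver). The resistance to SQL injection here comes from the bound parameters, not from the escaping, and the sentence under the heading reads as if both were needed. I would bind the raw value, `'p2'=>$stringField`, drop the `addQ()` call, and state that `addQ()` is only for values interpolated into the SQL string, as in the earlier example. The heading also names qStr while the code calls `addQ()`, so one of the two should be corrected.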