====== addQ ======
~~NOTOC~~

== See Also ==
[[v5:reference:connection:qstr]]\\

== Syntax ==
string addQ( string $unquotedText )

==== Description ====

The function ''addQ()'' takes an input string and applies database-specific string quoting. Unlike the method [[v5:reference:connection:qstr]], no pre- or post-quoting is applied: the returned string has its special characters escaped but is not wrapped in quote characters. This method is particularly useful when used with [[v5:userguide:learn_bind:bind_vars|bind variable SQL statement execution]] to produce injection-resistant code.

------------------------------

==== Usage ====

<code php>
$string = "Patrick O'Reilly";

$SQL    = "SELECT * FROM names WHERE name='$string'";
$result = $db->execute($SQL);
/*
 * Execution fails: the embedded ' terminates the string literal
 * early, leaving the statement with mismatched ' characters
 */

$qString = $db->addQ($string);
/*
 * Returns Patrick O\'Reilly (the escaping is database-specific,
 * so the exact result depends on the driver in use)
 */

$SQL    = "SELECT * FROM names WHERE name='$qString'";
$result = $db->execute($SQL);
/*
 * Execution succeeds
 */
</code>

==== Using addQ With Bind ====

This example shows a completely database-independent bind variable statement with special character escaping, providing strong resistance to SQL injection.

<code php>
$p1 = $db->param('p1');
$p2 = $db->param('p2');

/*
 * Provide internal escaping of ' characters in the string value
 */
$qStringField = $db->addQ($stringField);

$bind = array('p1' => $integerField, 'p2' => $qStringField);

$SQL    = "SELECT * FROM some_table WHERE integer_field=$p1 AND string_field=$p2";
$result = $db->execute($SQL, $bind);
</code>

The following is an added end-to-end example, not part of the original reference page, showing the bind-variable pattern above wrapped in a reusable lookup function that iterates the result set. It assumes ADOdb is loaded from ''adodb.inc.php'', a ''mysqli'' connection, and a hypothetical table ''names'' with an ''id'' and a ''name'' column; the credentials are placeholders.

```php
<?php
// Added example (not ADOdb's own code). Assumes adodb.inc.php is on the
// include path and that a table `names` (id INT, name VARCHAR) exists.
require_once 'adodb.inc.php';

/**
 * Look up rows by name using bind variables, with addQ() applied to the
 * string value as the reference page describes. Returns the matching
 * names as a plain array so the caller never touches raw SQL.
 */
function findNames(ADOConnection $db, int $minId, string $name): array
{
    // Driver-specific placeholders, e.g. ? for mysqli or :p2 for oci8
    $p1 = $db->param('p1');
    $p2 = $db->param('p2');

    // Escape embedded quote characters; no surrounding quotes are added,
    // which is what makes the value suitable for a bind parameter
    $qName = $db->addQ($name);

    $bind = array('p1' => $minId, 'p2' => $qName);
    $sql  = "SELECT id, name FROM names WHERE id >= $p1 AND name = $p2";

    $rs = $db->execute($sql, $bind);
    if ($rs === false) {
        // Surface the driver error instead of silently returning nothing
        throw new RuntimeException('Query failed: ' . $db->errorMsg());
    }

    $found = array();
    while (!$rs->EOF) {
        $found[] = $rs->fields['name'];
        $rs->MoveNext();
    }
    $rs->Close();
    return $found;
}

// Placeholder connection details (constructed for this example)
$db = ADONewConnection('mysqli');
$db->connect('localhost', 'dbuser', 'dbpass', 'dbname');

// A value containing a quote character is handled without breaking the query
foreach (findNames($db, 1, "Patrick O'Reilly") as $n) {
    echo $n, PHP_EOL;
}
```