DB_common::quoteSmart()

DB_common::quoteSmart() – Formats input so it can be safely used as a literal

Synopsis

mixed quoteSmart ( mixed $in )

Description

Format input so it can be safely used as a literal in a query. Literals are values such as strings or numbers which get utilized in places like WHERE, SET and VALUES clauses of SQL statements.

The format returned depends on the PHP data type of input and the database type being used.

Parameter

mixed $in

the input to be quoted

Return value

mixed - the formatted data

The format of the results depends on the input's PHP type:

  • input -> returns

  • NULL -> the string NULL

  • integer or float -> the unquoted number

  • boolean -> output depends on the driver in use

    Most drivers return integers: 1 if true or 0 if false. Some return strings: TRUE if true or FALSE if false. Finally one returns strings: T if true or F if false. Here is a list of each DBMS, the values returned and the suggested column type:

    • dbase -> T/F (Logical)

    • fbase -> TRUE/FALSE (BOOLEAN)

    • ibase -> 1/0 (SMALLINT) [1]

    • ifx -> 1/0 (SMALLINT) [1]

    • msql -> 1/0 (INTEGER)

    • mssql -> 1/0 (TINYINT)

    • mysql -> 1/0 (TINYINT(1))

    • mysqli -> 1/0 (TINYINT(1))

    • oci8 -> 1/0 (NUMBER(1))

    • odbc -> 1/0 (SMALLINT) [1]

    • pgsql -> TRUE/FALSE (BOOLEAN)

    • sqlite -> 1/0 (INTEGER)

    • sybase -> 1/0 (TINYINT)

    [1] Accommodate the lowest common denominator because not all versions of have BOOLEAN.

  • other (including strings and numeric strings) -> a string which has been escaped in a DBMS specific way (using escapeSimple()) and then surrounded by single quotes

Note

This function can not be called statically.

Function available since: Release 1.6.0

Example

Using quoteSmart()

<?php
// Once you have a valid DB object named $db...
$name   "all's well";
$active true;
$sql    'SELECT * FROM clients WHERE name = '
          
$db->quoteSmart($name)
          . 
' AND active = '
          
$db->quoteSmart($active);

$res =& $db->query($sql);
?>
Formats a string so it can be safely used as an identifier (Previous) Rolls back the current transaction (Next)
Last updated: Sat, 16 Feb 2019 — Download Documentation
Do you think that something on this page is wrong? Please file a bug report.
View this page in:
  • English

User Notes:

There are no user contributed notes for this page.