string quoteIdentifier (
string $str
)
Format input so it can be safely used as a delimited identifier in a query. Identifiers are objects such as table or column names.
The format returned depends on the database type being used.
Delimited identifiers are known to generally work correctly under the following drivers:
InterBase doesn't seem to be able to use delimited identifiers via PHP 4. They work fine under PHP 5.
$str
the input to be quoted
string - the formatted string
This function can not be called statically.
Function available since: Release 1.6.0
Just because you CAN use delimited identifiers doesn't mean you SHOULD use them. In general, they end up causing way more problems than they solve.
Portability is broken by using the following characters inside delimited identifiers:
- backtick (
`
) -- due to MySQL- double quote (
"
) -- due to Oracle- brackets (
[
or]
) -- due to Access
Using quoteIdentifier()
<?php
// Once you have a valid DB object named $db...
$sql = 'SELECT ' . $db->quoteIdentifier('company name')
. ', address FROM clients';
$res =& $db->query($sql);
?>