qstr

Quotes a string, used when not using prepared statements and want to safetly insert/update data, it uses real_escape_string.

Parameters

qstr($string)
$string:The var to quote.

Example

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
<?php

require_once 'dalmp.php';

$user = getenv('MYSQL_USER') ?: 'root';
$password = getenv('MYSQL_PASS') ?: '';

$DSN = "utf8://$user:$password".'@127.0.0.1/test';

$db = new DALMP\Database($DSN);

$data = "nbari' OR admin";
$query = $db->qstr($data);

$db->GetRow("SELECT * FROM users WHERE name=$query");

Warning

This method will query the database every time is called, so in cases where you are using cache it is not very usefull, since it will need to connect to the database before doing the query.

Thanks Navicat for supporting Open Source projects.

Navicat



A great amount of time has been spent creating, crafting and maintaining this software, please consider donating.

Donating helps ensure continued support, development and availability.

dalmp


comments powered by Disqus