/** * Escapes a string for database insertion * @access public * @param string $val The value that should be escaped * @param bool $mult Whether an incoming array should be treated as such or as several separate calls * @param bool $exec Whether the SQL is supposed to contain a MYSQL function * @param bool $enquote Wrap the result with "'" * @return string|array */ static function escape($val, $mult = false, $exec = false, $enquote = false) { global $DB; if (is_array($val) || is_object($val)) { if ($mult) { foreach ($val as &$v) { $v = Database::escape($v, false, $exec, $enquote); } return $val; } else { $val = Database::arrayEncode($val); } } elseif (is_string($val) && substr($val, 0, 10) == 'b64arrenc:') { $val = 'n' . $val; } if ($exec && preg_match('#^([^\\(]+)\\([^\\(]*\\)$#', $val)) { return $val; } elseif ($enquote) { return "'" . mysql_real_escape_string($val, $DB->Connection) . "'"; } else { return mysql_real_escape_string($val, $DB->Connection); } }