Example #1
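 /**
  * Escapes a value for database insertion
  * @access public
  * @param string|array|object $val The value that should be escaped
  * @param bool $mult When true, an incoming array or object is escaped element by element (one separate call per element) and returned; when false it is encoded into a single string first
  * @param bool $exec Whether the value is supposed to contain a MySQL function call; a value that matches the function-call pattern is returned as-is, without escaping or quoting, so enable this only for values built by the calling code
  * @param bool $enquote Wrap the escaped result in single quotes ("'"); when false the caller must place the result inside a quoted SQL string itself
  * @return string|array
  */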
 static function escape($val, $mult = false, $exec = false, $enquote = false)
 {
     // Uses the global $DB handle; its Connection is handed to the escaping call below.
     global $DB;

     $isContainer = is_array($val) || is_object($val);

     // Element-wise mode: every member is escaped through its own call and the
     // container is returned. For an object the by-reference loop writes the
     // escaped values back into the object the caller passed in.
     if ($isContainer && $mult) {
         foreach ($val as &$item) {
             $item = Database::escape($item, false, $exec, $enquote);
         }
         return $val;
     }

     if ($isContainer) {
         // Whole-container mode: collapse the array/object into one encoded value.
         $val = Database::arrayEncode($val);
     } elseif (is_string($val) && strncmp($val, 'b64arrenc:', 10) === 0) {
         // Presumably 'b64arrenc:' is the marker arrayEncode() emits; the extra
         // 'n' keeps a plain string from being read back as an encoded array.
         // TODO confirm against the decoder.
         $val = 'n' . $val;
     }

     // SECURITY: with $exec set, any value matching this pattern is returned
     // with no escaping and no quoting. The first group accepts every character
     // except "(", so the match is not limited to a bare function name. $exec
     // must only be enabled for values the calling code constructs itself,
     // never for request or other externally supplied data.
     if ($exec && preg_match('#^([^\\(]+)\\([^\\(]*\\)$#', $val)) {
         return $val;
     }

     // NOTE(review): mysql_real_escape_string() is part of ext/mysql, which was
     // removed in PHP 7.0; prepared statements (PDO or mysqli) are the durable
     // replacement. Escaping only protects a value placed inside a quoted SQL
     // string literal: with $enquote false the caller has to supply the quotes,
     // and an unquoted (numeric or identifier) position is not protected.
     $escaped = mysql_real_escape_string($val, $DB->Connection);

     return $enquote ? "'" . $escaped . "'" : $escaped;
 }