/**
* 过滤数据
* @return void
*/
public function escape_string($string, $master_or_slave = 'slave')
{
$this->checkLink($master_or_slave);
if (!$this->link) {
return $this->_error(90311, "数据库连接失败");
}
return $this->link->real_escape_string($string);
}
/**
* 过滤值
*
* @param string $value
* @return string
*/
protected function _parseValue($value)
{
// if (!get_magic_quotes_gpc()) {
// return addslashes($value);
// }
// return $value;
return $this->_link->real_escape_string($value);
}
/**
* Escapes variables/data in order to make it safe to use in a MySQL query
*
* @param string $str | The string to escape
* @return string/boolean | Returns the escaped string on success / FALSE on failure
*/
public function escape($str)
{
if (!$this->isConnected) {
$rc = $this->createConnection();
if ($rc === FALSE) {
return FALSE;
}
}
return $this->mysqli->real_escape_string($str);
}
/**
* @param string $value
* @return string
*/
public function escape($value)
{
if (is_array($value)) {
$dump = var_export($value, true);
$message = 'aMySQLi class error: Try to escape non-string value: ' . $dump;
$error = new AError($message);
$error->toLog()->toDebug()->toMessages();
return false;
}
return $this->connection->real_escape_string((string) $value);
}
/**
* Escapes special characters in a string for use in an SQL statement
*
* @param string $value Value to be escaped
* @param mixed $with_aphostrophe
* @return string
*/
public function esc($value, $with_aphostrophe = "'")
{
// To avoid sql injection
$value = $this->mysqli->real_escape_string($value);
// If `$with_aphostrophe` parameter is specified and it is string then use it
$a = $with_aphostrophe ? is_string($with_aphostrophe) ? $with_aphostrophe : "'" : '';
if ($with_aphostrophe) {
$value = $a . $value . $a;
}
return $value;
}
/**
* Escape all faulty characters in the query
* @param type $str
* @return resource
*/
public function escapeAll($str)
{
$str = str_replace("%", "", $str);
if ($this->db_type == "mysqli") {
return $this->link_id->real_escape_string($str);
} else {
if ($this->db_type == "mysql") {
return mysql_escape_string($str);
}
}
}
public function escape($string)
{
if (get_magic_quotes_runtime()) {
$string = stripslashes($string);
}
if (function_exists($this->db->real_escape_string)) {
return $this->db->real_escape_string($string);
} elseif (function_exists($this->db->quote)) {
return $this->db->quote($string);
} else {
return $string;
}
}
public function addslashes($value)
{
return $this->dbConn->real_escape_string($value);
}
/**
* Escape a string for the database
*
* @param string $str
* @return string
*/
protected function _escape($str)
{
if (is_array($str)) {
error_log('Param passed to _escape($str) was an array: ' . print_r($str, true));
$str = '';
}
return $this->_conn->real_escape_string($str);
}
/**
* Escape a string for the database
*
* @param string $str
* @return string
*/
protected function _escape($str)
{
return $this->_conn->real_escape_string($str);
}
/**
* Escape a value to use it in a query
*
* @see inc/classes/db/MsdDbFactory#escape($val)
* @param mixed $val The value to escape
*
* @return mixed
*/
public function escape($val)
{
return $this->_mysqli->real_escape_string($val);
}
