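/**
 * Convert a PHP value into a fragment that can be placed in an SQL statement.
 *
 * Booleans become the integers 1/0 and null becomes the bare keyword NULL.
 * Every other value is passed through stripslashes() and then escaped by the
 * backend selected by $this->type ("PDO", "SQLite3", or the legacy sqlite_*
 * functions for anything else). A connection is opened first if none exists.
 *
 * Prefer bound parameters where the backend offers them; this helper exists
 * for call sites that still assemble SQL text.
 *
 * @param mixed $value    Value to embed in SQL.
 * @param bool  $addquote When true the escaped text is wrapped in single
 *                        quotes. When false only the escaped text is returned
 *                        and the caller must supply the surrounding quotes.
 *
 * @return mixed 1/0 for booleans, the string NULL for null, otherwise the
 *               escaped (and optionally quoted) string; false if the PDO
 *               driver cannot quote.
 */
function q_str($value, $addquote = true)
{
    if (!$this->conn) {
        $this->connect();
    }
    if (is_bool($value)) {
        return $value ? 1 : 0;
    }
    if (is_null($value)) {
        return 'NULL';
    }

    // NOTE(review): stripslashes() runs on every value, so backslashes that are
    // genuinely part of the data are removed too. Kept because callers may
    // depend on it - confirm whether it is still needed.
    $value = stripslashes($value);

    if ($this->type == "PDO") {
        $quoted = $this->conn->quote($value);
        if ($addquote) {
            return $quoted;
        }
        // This branch used to return $value untouched, unlike the two branches
        // below which escape even when no quotes are requested. Strip only the
        // outer quote pair so the text is still escaped for a quoted literal.
        return is_string($quoted) ? substr($quoted, 1, -1) : $quoted;
    }

    if ($this->type == "SQLite3") {
        $value = $this->conn->escapeString($value);
    } else {
        $value = sqlite_escape_string($value);
    }

    return $addquote ? "'" . $value . "'" : $value;
}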
/**
 * Quote a trusted value.
 *
 * Wraps a value in single quotes without raising a notice. "Trusted" means
 * the caller vouches for the value; anything that originates from user input
 * should be sent as a bound parameter instead.
 *
 * When the underlying resource is a PDO instance its quote() method is used.
 * Otherwise the only escaping performed is doubling each single quote.
 *
 * @param mixed $value Value to quote
 * @return mixed The quoted value
 */
public function quoteTrustedValue($value)
{
    if (!($this->resource instanceof \PDO)) {
        // No driver available: fall back to doubling embedded single quotes.
        $doubled = str_replace('\'', '\'\'', $value);

        return '\'' . $doubled . '\'';
    }

    return $this->resource->quote($value);
}
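/**
 * Add items on the database
 *
 * At most FeedTicker.itemsLimit items (default 5) are considered. An item is
 * skipped when its 'updated' value is non-empty and older than
 * FeedTicker.dateLimit seconds (default one week), or when a row with the
 * same feed id and link is already stored.
 *
 * @param Integer $feed_id Id of the feed the items belong to
 * @param Array   $items   Items to store; each entry is read for the keys
 *                         'updated', 'title', 'link' and 'author'
 *
 * @return void
 */
public function addItems($feed_id, $items)
{
    if (empty($items)) {
        return;
    }

    $items = array_slice($items, 0, intval($this->getConfig('FeedTicker.itemsLimit', 5)));
    $maxAge = intval($this->getConfig('FeedTicker.dateLimit', 60 * 60 * 24 * 7));
    $dateLimit = time() - $maxAge;

    // Both statements are prepared once and fed through placeholders, so the
    // feed-supplied link never becomes part of the SQL text. The duplicate
    // check used to be string-built and was executed twice per item.
    $exists = $this->db->prepare(
        'SELECT COUNT(*) FROM ft_items WHERE feed_id = :feed_id AND link = :link'
    );
    $insert = $this->db->prepare(
        'INSERT INTO ft_items ( feed_id, updated, title, link, author, read )'
        . ' VALUES ( :feed_id, :updated, :title, :link, :author, :read )'
    );

    foreach ($items as $item) {
        if (!empty($item['updated']) and $item['updated'] < $dateLimit) {
            continue;
        }

        $link = trim($item['link']);

        // Check if this item already exists
        $exists->execute(array(':feed_id' => $feed_id, ':link' => $link));
        $alreadyStored = (bool) $exists->fetchColumn();
        // Release the SELECT before writing so it does not stay open across
        // the INSERT. Assumes $this->db is PDO-compatible - TODO confirm.
        $exists->closeCursor();
        if ($alreadyStored) {
            continue;
        }

        $insert->execute(array(
            ':feed_id' => $feed_id,
            ':updated' => trim($item['updated']),
            ':title'   => trim($item['title']),
            ':link'    => $link,
            ':author'  => trim($item['author']),
            ':read'    => 0,
        ));
    }
}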
/**
 * {@inheritDoc}
 *
 * The result carries no surrounding quotes, so it is only safe once the
 * caller places it inside a single-quoted SQL literal.
 *
 * @param string $str string to escape
 * @return string the escaped text without its enclosing quotes
 */
function escapeString($str)
{
    // pdo->quote() wraps the string in quotes as well as escaping it. Existing
    // code adds its own pair of quotes afterwards, so the first and last
    // character (the quotes added by PDO) are dropped here.
    $quoted = $this->pdo->quote($str);

    return substr($quoted, 1, -1);
}
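/**
 * Quote Trusted Value
 *
 * Quotes a value without raising a notice. "Trusted" means the caller vouches
 * for the value; user-supplied data belongs in a bound parameter.
 *
 * Resolution order: a native pgsql connection uses pg_escape_string(), a PDO
 * instance uses PDO::quote(), and without either a backslash-escaped literal
 * is produced.
 *
 * @param mixed $value Value to quote
 * @return mixed The quoted value
 */
public function quoteTrustedValue($value)
{
    // Since PHP 8.1 pg_connect() returns a PgSql\Connection object instead of
    // a resource, so is_resource() alone would skip the native escaper there.
    // instanceof against a class that does not exist is simply false.
    if (is_resource($this->resource) || $this->resource instanceof \PgSql\Connection) {
        return '\'' . pg_escape_string($this->resource, $value) . '\'';
    }
    if ($this->resource instanceof \PDO) {
        return $this->resource->quote($value);
    }

    // Backslash escapes are only honoured inside an E'...' literal when the
    // server runs with standard_conforming_strings on; in a plain '...'
    // literal the backslash is ordinary data and \' would end the string
    // early. The E prefix makes the escaping below valid in both settings.
    return 'E\'' . addcslashes($value, "\n\r\\'\"") . '\'';
}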
/**
 * Escape a value for use in an SQL statement.
 *
 * null maps to $this->NULL_VALUE and booleans map to $this->TRUE_VALUE or
 * $this->FALSE_VALUE; every other value is handed to the connection's
 * quote() method.
 *
 * @param string $value
 * @return mixed
 */
function qstr($value)
{
    if (is_null($value)) {
        return $this->NULL_VALUE;
    }

    if (!is_bool($value)) {
        return $this->conn->quote($value);
    }

    return $value ? $this->TRUE_VALUE : $this->FALSE_VALUE;
}
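/**
 * Add escape characters for importing data
 *
 * The value is quoted by the connection and the enclosing quote pair is then
 * removed, so the result is only safe inside a single-quoted SQL literal that
 * the caller supplies.
 *
 * @param string $string String to parse
 * @return string|false The escaped text, or false when quoting failed
 */
public function escapeString($string)
{
    try {
        $quoted = $this->connection->quote($string);
    } catch (PDOException $e) {
        // NOTE(review): the original passed an undefined $link here, which
        // evaluates to null; null is passed explicitly until the intended
        // first argument of _loadError() is confirmed.
        $this->_loadError(null, $e);

        return false;
    }

    // quote() reports failure with a non-string result. Surface that as the
    // documented false instead of slicing it into an empty string.
    if (!is_string($quoted)) {
        return false;
    }

    return substr($quoted, 1, -1);
}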
/**
 * {@inheritDoc}
 *
 * A DriverInterface held in $this->resource is first replaced by the raw
 * resource of its connection. A PDO resource then quotes the value itself;
 * otherwise the only escaping performed is doubling each single quote.
 */
public function quoteTrustedValue($value)
{
    if ($this->resource instanceof DriverInterface) {
        // Unwrap once; the property keeps the raw resource afterwards.
        $connection = $this->resource->getConnection();
        $this->resource = $connection->getResource();
    }

    if (!($this->resource instanceof \PDO)) {
        $doubled = str_replace('\'', '\'\'', $value);

        return '\'' . $doubled . '\'';
    }

    return $this->resource->quote($value);
}
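/**
 * {@inheritDoc}
 *
 * A DriverInterface held in $this->resource is first replaced by the raw
 * resource of its connection. A native pgsql connection then escapes with
 * pg_escape_string(), a PDO instance with PDO::quote(); without either, the
 * parent's result is returned with an E prefix.
 */
public function quoteTrustedValue($value)
{
    if ($this->resource instanceof DriverInterface) {
        $this->resource = $this->resource->getConnection()->getResource();
    }

    // Since PHP 8.1 pg_connect() returns a PgSql\Connection object instead of
    // a resource, so is_resource() alone would skip the native escaper there.
    // instanceof against a class that does not exist is simply false.
    if (is_resource($this->resource) || $this->resource instanceof \PgSql\Connection) {
        return '\'' . pg_escape_string($this->resource, $value) . '\'';
    }
    if ($this->resource instanceof \PDO) {
        return $this->resource->quote($value);
    }

    // presumably the parent escapes with backslashes, which PostgreSQL only
    // honours unconditionally inside an E'...' literal - verify against parent
    return 'E' . parent::quoteTrustedValue($value);
}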
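/**
 * Escape a string so it can be placed inside a quoted SQL literal.
 *
 * The returned text carries no surrounding quotes in either driver branch;
 * the caller is expected to add them.
 *
 * @param string $string Raw value
 * @return string Escaped value, or the input unchanged when $this->db offers
 *                neither real_escape_string() nor quote()
 */
public function escape($string)
{
    // get_magic_quotes_runtime() was removed in PHP 8; only call it where it
    // still exists.
    if (function_exists('get_magic_quotes_runtime') && get_magic_quotes_runtime()) {
        $string = stripslashes($string);
    }

    // The original tested function_exists($this->db->real_escape_string),
    // which reads a property rather than probing for a method. Neither driver
    // branch could ever match, so every value came back unescaped.
    if (is_object($this->db)) {
        if (method_exists($this->db, 'real_escape_string')) {
            return $this->db->real_escape_string($string);
        }
        if (method_exists($this->db, 'quote')) {
            // quote() also adds the enclosing quotes; strip that pair so both
            // branches return bare escaped text.
            $quoted = $this->db->quote($string);

            return is_string($quoted) ? substr($quoted, 1, -1) : $quoted;
        }
    }

    // NOTE(review): no escaper is available here and the value is returned
    // as-is, as before. Consider failing instead of returning unescaped input.
    return $string;
}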
/**
 * Quote a string for use in a query. Note you should generally use a bind!
 *
 * Thin pass-through to the quote() method of the wrapped handle.
 *
 * @param string $val  Value to quote
 * @param string $type Value type, forwarded unchanged (defaults to \PDO::PARAM_STR)
 * @return string
 */
public function quote($val, $type = \PDO::PARAM_STR)
{
    $quoted = $this->_db->quote($val, $type);

    return $quoted;
}
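/**
 * Deletes old codes from sqlite database
 *
 * A row is removed when the current time minus its "created" value exceeds
 * the expiry time. A missing, non-numeric or sub-one-second expiry time falls
 * back to 86400 seconds. Nothing happens unless database use is enabled and a
 * PDO connection is present.
 */
protected function purgeOldCodesFromDatabase()
{
    if (!$this->use_database || !$this->pdo_conn) {
        return;
    }

    $limit = (!is_numeric($this->expiry_time) || $this->expiry_time < 1)
        ? 86400
        : (int) $this->expiry_time;

    // "now - created > limit" rewritten as "created < now - limit" so a single
    // integer has to reach the database.
    $cutoff = time() - $limit;

    // The values used to go through quote(..., PDO::PARAM_INT). That type is
    // only a hint and a driver may still hand back a quoted string literal,
    // which is not guaranteed to compare numerically. Binding with PARAM_INT
    // sends a real integer. The table name cannot be bound and comes from
    // this object's own configuration.
    $stmt = $this->pdo_conn->prepare(
        sprintf('DELETE FROM %s WHERE created < ?', $this->database_table)
    );
    if ($stmt) {
        $stmt->bindValue(1, $cutoff, PDO::PARAM_INT);
        $stmt->execute();
    }
}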
/**
 * Save migration status to database
 *
 * Inserts one row into the migrations table holding the file name as the
 * version and the current Unix time as the apply time. Both values are passed
 * through $db->quote() with the type 'text' before being placed in the SQL.
 *
 * @param object $db        DB handle exposing quote($value, $type) and query($sql)
 * @param string $file_name Migration file name
 *
 * @return mixed Whatever $db->query() returns (documented upstream as true on
 *               success, false on failure)
 */
function migration_save($db, $file_name)
{
    $version = $db->quote($file_name, 'text');
    $appliedAt = $db->quote(time(), 'text');

    $query = "INSERT INTO migrations (version, apply_time) VALUES(" . $version . "," . $appliedAt . ")";

    return $db->query($query);
}
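/**
 * Escape a value for use inside a single-quoted SQL literal.
 *
 * @param string   $sql          Value to escape
 * @param resource $connResource Connection object exposing quote()
 * @return string Escaped text without the enclosing quotes
 */
public function escape($sql, $connResource)
{
    // quote() returns the value wrapped in one leading and one trailing single
    // quote; they are removed here because DbHandler adds its own.
    $quoted = (string) $connResource->quote($sql);

    // Remove exactly one character from each end. trim($quoted, "'") strips
    // every quote at the boundaries, so a value that itself starts or ends
    // with a quote lost part of its escape sequence and no longer formed a
    // balanced literal once the caller re-quoted it.
    if (strlen($quoted) < 2) {
        return '';
    }

    return substr($quoted, 1, -1);
}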
/**
 * Quotes a string for use in a query.
 *
 * Records the deprecation through $this->deprecated() and then forwards the
 * string to the connection's quote() method.
 *
 * @param string $string string to quote
 *
 * @return string
 * @deprecated since version 2.6.0 - alpha 3. Switch to doctrine connector.
 */
public function quote($string)
{
    $this->deprecated();

    $quoted = $this->conn->quote($string);

    return $quoted;
}
/**
 * Quotes a string for use in a query.
 *
 * Pass-through to the quote() method of the wrapped connection.
 *
 * @param mixed $value
 * @return mixed
 */
public function quote($value)
{
    $quoted = $this->_conn->quote($value);

    return $quoted;
}
/**
 * Escape a string for use in SQL string
 *
 * Delegates to the connection's quote() method and returns its result
 * unchanged.
 * NOTE(review): if the connection is a PDO instance the result already
 * includes the enclosing quotes - confirm callers do not add a second pair.
 *
 * @param string $str String to escape
 * @return string The escaped string
 */
function escape($str)
{
    $escaped = $this->conn->quote($str);

    return $escaped;
}
/**
 * Determines if a table exists
 *
 * Counts the rows of sqlite_master whose name equals $name. The query does
 * not filter on the row type.
 *
 * @param string $name Table name
 *
 * @return bool
 */
protected function haveTable($name)
{
    // The name is quoted by the connection before it is placed in the SQL.
    $quotedName = $this->db->quote($name);
    $result = $this->db->query('SELECT COUNT(*) FROM sqlite_master WHERE name = ' . $quotedName);
    $matches = $result->fetchColumn();

    return (bool) $matches;
}
/**
 * Remove a stored code from the database based on captchaId or IP address.
 *
 * The row is matched on id and namespace. When no captchaId is set the
 * client's REMOTE_ADDR is used as the id, so clients that share an address
 * also share that row. A failed delete raises an E_USER_WARNING.
 */
protected function clearCodeFromDatabase()
{
    if (!$this->pdo_conn) {
        return;
    }

    $ip = $_SERVER['REMOTE_ADDR'];
    $ns = $this->pdo_conn->quote($this->namespace);

    $captchaId = Securimage::$_captchaId;
    // if no captchaId set, IP address is captchaId.
    $rowKey = empty($captchaId) ? $ip : $captchaId;
    $id = $this->pdo_conn->quote($rowKey);

    $query = sprintf("DELETE FROM %s WHERE id = %s AND namespace = %s", $this->database_table, $id, $ns);

    $result = $this->pdo_conn->query($query);
    if ($result) {
        return;
    }

    trigger_error("Failed to delete code from database.", E_USER_WARNING);
}