/**
 * Escape a string through the selected database connection.
 *
 * The escaped value is only safe when placed inside a quoted string literal
 * in the SQL text; it does not protect identifiers or unquoted numeric
 * positions. Prefer prepared statements where the calling code allows it.
 *
 * @param string $string           Raw value to escape
 * @param string $master_or_slave  Passed to checkLink(); presumably selects
 *                                 which connection ends up in $this->link
 *                                 (verify against checkLink())
 * @return mixed Escaped string, or whatever _error() returns when no link is available
 */
public function escape_string($string, $master_or_slave = 'slave')
{
    $this->checkLink($master_or_slave);

    if ($this->link) {
        // NOTE(review): assuming a mysqli link, escaping follows the connection
        // charset, so that charset should be set with set_charset() beforehand.
        return $this->link->real_escape_string($string);
    }

    // No usable link: report error 90311 instead of returning an unescaped value.
    return $this->_error(90311, "数据库连接失败");
}
/**
 * Escape a value with the connection's real_escape_string().
 *
 * The result is meant to sit inside a quoted string literal; escaping alone
 * does not make a value safe as an identifier or as an unquoted number.
 *
 * @param string $value Raw value
 * @return string Escaped value
 */
protected function _parseValue($value)
{
    // Escaping is delegated to the driver rather than addslashes(), so the
    // connection's character set is taken into account.
    $escaped = $this->_link->real_escape_string($value);

    return $escaped;
}
/**
 * Escape a value for use inside a quoted string literal of a MySQL query.
 *
 * A connection is created on demand when none is established yet.
 *
 * Callers must compare the result with `=== FALSE`: a FALSE that is
 * interpolated into SQL text silently becomes an empty string.
 *
 * @param string $str The string to escape
 * @return string|false The escaped string, or FALSE when the connection could not be created
 */
public function escape($str)
{
    // Short-circuit: createConnection() only runs when not yet connected.
    if (!$this->isConnected && $this->createConnection() === FALSE) {
        return FALSE;
    }

    return $this->mysqli->real_escape_string($str);
}
/**
 * Escape a scalar value for use inside a quoted SQL string literal.
 *
 * Arrays are rejected: the attempt is reported through AError and false is
 * returned. Callers should check for `=== false`, because a false that is
 * concatenated into SQL text becomes an empty string.
 *
 * @param string $value Value to escape; cast to string before escaping
 * @return string|false Escaped string, or false when an array was passed
 */
public function escape($value)
{
    if (!is_array($value)) {
        return $this->connection->real_escape_string((string) $value);
    }

    // NOTE(review): the dump of the rejected value is sent to the log, debug and
    // message channels; confirm none of them is shown to untrusted users.
    $message = 'aMySQLi class error: Try to escape non-string value: ' . var_export($value, true);
    $report = new AError($message);
    $report->toLog()->toDebug()->toMessages();

    return false;
}
/**
 * Escape a value for an SQL statement and optionally wrap it in a delimiter.
 *
 * Security notes for callers:
 *  - With a falsy `$with_aphostrophe` the value is returned escaped but
 *    unquoted; that form is not safe to place in SQL text on its own.
 *  - real_escape_string() targets quoted string literals. A delimiter other
 *    than a single or double quote (a backtick, for example) is not covered
 *    by the escaping, so this method must not be used to quote identifiers.
 *
 * @param string $value            Value to be escaped
 * @param mixed  $with_aphostrophe Falsy: no wrapping. Truthy string: used as the
 *                                 delimiter on both sides. Any other truthy
 *                                 value: a single quote is used.
 * @return string Escaped (and possibly wrapped) value
 */
public function esc($value, $with_aphostrophe = "'")
{
    $escaped = $this->mysqli->real_escape_string($value);

    if (!$with_aphostrophe) {
        return $escaped;
    }

    // Only a string argument may override the default single-quote delimiter.
    $delimiter = is_string($with_aphostrophe) ? $with_aphostrophe : "'";

    return $delimiter . $escaped . $delimiter;
}
/**
 * Strip "%" characters from a string and escape it with the active driver.
 *
 * Only "%" is removed; the other LIKE wildcard "_" passes through unchanged.
 * The result is meant for a quoted string literal.
 *
 * NOTE(review): mysql_escape_string() was removed in PHP 7.0 and ignores the
 * connection character set, so the "mysql" branch is weaker than the mysqli
 * one and fails on current PHP versions.
 *
 * @param string $str Raw value
 * @return string|null Escaped value, or null when db_type is neither "mysqli" nor "mysql"
 */
public function escapeAll($str)
{
    $str = str_replace("%", "", $str);

    if ($this->db_type == "mysqli") {
        return $this->link_id->real_escape_string($str);
    }

    if ($this->db_type == "mysql") {
        return mysql_escape_string($str);
    }

    // Unknown driver: nothing is returned, exactly as before. Callers that
    // interpolate the result will get an empty string in their SQL.
    return null;
}
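/**
 * Escape a string for use in an SQL statement via the underlying driver object.
 *
 * The driver is probed for a `real_escape_string()` method first and a
 * `quote()` method second. The previous probe used function_exists() on a
 * property read of `$this->db`, which never matched, so every call fell
 * through and returned the input unescaped.
 *
 * NOTE(review): the two driver paths differ. real_escape_string() returns the
 * bare escaped text, while quote() (presumably PDO::quote, to be confirmed)
 * returns the value already wrapped in quotes. Callers that add their own
 * quotes need to account for this.
 *
 * @param string $string Raw value
 * @return string Escaped value, or the unmodified input when the driver offers neither method
 */
public function escape($string)
{
    // get_magic_quotes_runtime() was removed in PHP 8.0; only call it where it still exists.
    if (function_exists('get_magic_quotes_runtime') && get_magic_quotes_runtime()) {
        $string = stripslashes($string);
    }

    $db = $this->db;

    // is_object() keeps method_exists() from raising a TypeError on an unset driver.
    if (is_object($db)) {
        if (method_exists($db, 'real_escape_string')) {
            return $db->real_escape_string($string);
        }

        if (method_exists($db, 'quote')) {
            return $db->quote($string);
        }
    }

    // NOTE(review): this fallback is fail-open, the value goes back unescaped.
    // It is kept for interface compatibility; consider raising an error here.
    return $string;
}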
/**
 * Escape a value with the connection's real_escape_string().
 *
 * Despite its name this method does not call PHP's addslashes(); the escaping
 * is done by the database driver. The result is only safe inside a quoted
 * string literal.
 *
 * @param string $value Raw value
 * @return string Escaped value
 */
public function addslashes($value)
{
    $escaped = $this->dbConn->real_escape_string($value);

    return $escaped;
}
/**
 * Escape a string for the database.
 *
 * An array argument is logged and replaced by an empty string before
 * escaping, so the caller always receives a string. The result is only safe
 * inside a quoted string literal.
 *
 * @param string $str Raw value
 * @return string Escaped value; the escaped empty string when an array was passed
 */
protected function _escape($str)
{
    $input = $str;

    if (is_array($input)) {
        // NOTE(review): the full array content is written to the error log;
        // make sure that log is not readable by untrusted parties.
        $dump = print_r($input, true);
        error_log('Param passed to _escape($str) was an array: ' . $dump);
        $input = '';
    }

    return $this->_conn->real_escape_string($input);
}
/**
 * Escape a string for the database.
 *
 * Thin wrapper around the connection's real_escape_string(). The result is
 * only safe inside a quoted string literal; it does not protect identifiers
 * or unquoted numeric positions.
 *
 * @param string $str Raw value
 * @return string Escaped value
 */
protected function _escape($str)
{
    $escaped = $this->_conn->real_escape_string($str);

    return $escaped;
}
/**
 * Escape a value to use it in a query.
 *
 * The value is handed to real_escape_string() unchanged, so the result is
 * only safe inside a quoted string literal. Numeric or identifier positions
 * need their own validation.
 *
 * @see inc/classes/db/MsdDbFactory#escape($val)
 * @param mixed $val The value to escape
 *
 * @return mixed Whatever real_escape_string() returns for the given value
 */
public function escape($val)
{
    $escaped = $this->_mysqli->real_escape_string($val);

    return $escaped;
}