PDO::quote
(no version information, might be only in CVS)
PDO::quote --
Quotes a string for use in a query.
Descripción
string
PDO::quote ( string string [, int parameter_type] )
Aviso |
Esta función
es EXPERIMENTAL. Esto significa que el
comportamiento de esta función, el nombre de esta
función y en definitiva TODO lo documentado sobre esta
función, puede cambiar en una futura version de PHP SIN
AVISO. La advertencia queda hecha, y utilizar esta extensión
queda bajo su propia responsabilidad. |
PDO::quote() places quotes around the input
string and escapes and single quotes within the input string, using a
quoting style appropriate to the underlying driver.
If you're using this function to build SQL, it is recommended that you
using prepared statements and bound parameters instead, as it is not only
more convenient, but often much faster.
Not all PDO drivers implement this method (notably PDO_ODBC). Consider
using prepared statements instead.
Lista de parámetros
- string
The string to be quoted.
- parameter_type
Provides a data type hint for drivers that have alternate quoting styles.
The default value is PDO_PARAM_STR.
Valores retornados
Returns a quoted string that is theoretically safe to pass into an
SQL statement. Returns FALSE if the driver does not support quoting in
this way.
Ejemplos
Ejemplo 1. Quoting a normal string
<?php $conn = new PDO('sqlite:/home/lynn/music.sql3');
/* Simple string */ $string = 'Nice'; print "Unquoted string: $string\n"; print "Quoted string: " . $conn->quote($string) . "\n"; ?>
|
El resultado del ejemplo seria: Unquoted string: Nice
Quoted string: 'Nice' |
|
Ejemplo 2. Quoting a dangerous string
<?php $conn = new PDO('sqlite:/home/lynn/music.sql3');
/* Dangerous string */ $string = 'Naughty \' string'; print "Unquoted string: $string\n"; print "Quoted string:" . $conn->quote($string) . "\n"; ?>
|
El resultado del ejemplo seria: Unquoted string: Naughty ' string
Quoted string: 'Naughty '' string' |
|
Ejemplo 3. Quoting a complex string
<?php $conn = new PDO('sqlite:/home/lynn/music.sql3');
/* Complex string */ $string = "Co'mpl''ex \"st'\"ring"; print "Unquoted string: $string\n"; print "Quoted string: " . $conn->quote($string) . "\n"; ?>
|
El resultado del ejemplo seria: Unquoted string: Co'mpl''ex "st'"ring
Quoted string: 'Co''mpl''''ex "st''"ring' |
|
Ver también
PDO::prepare() |
PDOStatement::execute() |