SQLite3::escapeString
(PHP 5 >= 5.3.0, PHP 7)
SQLite3::escapeString — Returns a string that has been properly escaped
Description
public static string SQLite3::escapeString ( string $value )
Returns a string that has been properly escaped for safe inclusion in an SQL statement.
This function is not (yet) binary safe!
To properly handle BLOB fields which may contain NUL characters, use SQLite3Stmt::bindParam() instead.
Parameters
value
The string to be escaped.
Return Values
Returns a properly escaped string that may be used safely in an SQL statement.
Notes
addslashes() should NOT be used to quote your strings for SQLite queries; it will lead to strange results when retrieving your data.
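An added example (not part of the PHP manual) that contrasts escapeString() for a text value with bound parameters via SQLite3Stmt::bindParam() for text and BLOB data, as recommended above. The in-memory database, the table and column names, and the sample values are constructed for illustration.

```php
<?php
// Added example: in-memory database, constructed table and sample values.
$db = new SQLite3(':memory:');
$db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, title TEXT, body BLOB)');

// Constructed inputs: a title with both quote styles, a payload with a NUL byte.
$title = 'O\'Reilly said "hi"';
$body  = "head\0tail";

// 1) Text value via escapeString(): single quotes are doubled, double quotes
//    are left alone, and the caller must supply the surrounding single quotes.
$escaped = SQLite3::escapeString($title);
$db->exec("INSERT INTO notes (title) VALUES ('" . $escaped . "')");

// Guard for binary data: escaping never shortens a string, so a shorter
// result means bytes after a NUL were dropped and the value must be bound.
if (strlen(SQLite3::escapeString($body)) < strlen($body)) {
    echo "escapeString() is not binary safe here; bind the value instead\n";
}

// 2) Bound parameters: no escaping needed, and SQLITE3_BLOB passes the
//    payload with its length, so the NUL byte is stored as data.
$stmt = $db->prepare('INSERT INTO notes (title, body) VALUES (:title, :body)');
$stmt->bindParam(':title', $title, SQLITE3_TEXT);
$stmt->bindParam(':body', $body, SQLITE3_BLOB);
$stmt->execute();

// Read both rows back and compare them with the original PHP values.
$res = $db->query('SELECT id, title, body FROM notes ORDER BY id');
while ($row = $res->fetchArray(SQLITE3_ASSOC)) {
    $titleState = ($row['title'] === $title) ? 'matches' : 'differs';
    if ($row['body'] === null) {
        $bodyState = 'not set';
    } else {
        $bodyState = ($row['body'] === $body) ? 'matches' : 'differs';
    }
    printf("row %d: title %s, body %s\n", $row['id'], $titleState, $bodyState);
}
$db->close();
```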
Comments
The reason this function doesn't escape double quotes is because double quotes are used with names (the equivalent of backticks in MySQL), as in table or column names, while single quotes are used for values.
This is important to remember, especially coming from another SQL implementation. It can cause strange problems, for example, the query:
SELECT * FROM table WHERE column1="column1"
Would actually return every record, because column1 is always equal to column1. This should instead be:
SELECT * FROM table WHERE column1='column1'
Double quotes are not escaped by the function because they are not interpreted specially within single quoted strings.
Be careful if the string contains "\0" char.
see: https://bugs.php.net/bug.php?id=63419