SQLite3::escapeString

(PHP 5 >= 5.3.0, PHP 7)

SQLite3::escapeStringReturns a string that has been properly escaped

Описание

public static string SQLite3::escapeString ( string $value )

Returns a string that has been properly escaped for safe inclusion in an SQL statement.

Внимание

Эта функция (пока) небезопасна для обработки данных в двоичной форме!

To properly handle BLOB fields which may contain NUL characters, use SQLite3Stmt::bindParam() instead.

Список параметров

value

The string to be escaped.

Возвращаемые значения

Returns a properly escaped string that may be used safely in an SQL statement.

Примечания

Внимание

addslashes() should NOT be used to quote your strings for SQLite queries; it will lead to strange results when retrieving your data.

Коментарии

The reason this function doesn't escape double quotes is because double quotes are used with names (the equivalent of backticks in MySQL), as in table or column names, while single quotes are used for values.

This is important to remember, especially coming from another SQL implementation.  It can cause strange problems, for example, the query:

SELECT * FROM table WHERE column1="column1"

Would actually return every record, because column1 is always equal to column1.  This should instead be:

SELECT * FROM table WHERE column1='column1'

Double quotes are not escaped by the function because they are not interpreted specially within single quoted strings.
2010-08-09 17:14:31
http://php5.kiev.ua/manual/ru/sqlite3.escapestring.html
Be careful if the string contains "\0" char.
see: https://bugs.php.net/bug.php?id=63419
2014-09-26 00:11:08
http://php5.kiev.ua/manual/ru/sqlite3.escapestring.html

    Поддержать сайт на родительском проекте КГБ