Escape special characters in a string for use in an SQL statement

cubrid_real_escape_string

(PECL CUBRID >= 8.3.0)

cubrid_real_escape_stringEscape special characters in a string for use in an SQL statement

說明

cubrid_real_escape_string(string $unescaped_string, resource $conn_identifier = ?): string

This function returns the escaped string version of the given string. It will escape the following characters: '. In general, single quotations are used to enclose character string. Double quotations may be used as well depending on the value of ansi_quotes, which is a parameter related to SQL statement. If the ansi_quotes value is set to no, character string enclosed by double quotations is handled as character string, not as an identifier. The default value is yes. If you want to include a single quote as part of a character string, enter two single quotes in a row.

參數

unescaped_string

The string that is to be escaped.

conn_identifier

The CUBRID connection. If the connection identifier is not specified, the last connection opened by cubrid_connect() is assumed.

返回值

Escaped string version of the given string, on success.

false on failure.

範例

示例 #1 cubrid_real_escape_string() example

<?php
$conn 
cubrid_connect("localhost"33000"demodb");

$unescaped_str ' !"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~';
$escaped_str cubrid_real_escape_string($unescaped_str);

$len strlen($unescaped_str);

@
cubrid_execute($conn"DROP TABLE cubrid_test");
cubrid_execute($conn"CREATE TABLE cubrid_test (t char($len))");
cubrid_execute($conn"INSERT INTO cubrid_test (t) VALUES('$escaped_str')");

$req cubrid_execute($conn"SELECT * FROM cubrid_test");
$row cubrid_fetch_assoc($req);

var_dump($row);

cubrid_close_request($req);
cubrid_disconnect($conn);
?>

以上例程會輸出:

array(1) {
  ["t"]=>
  string(95) " !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~"
}

發佈留言

發佈留言必須填寫的電子郵件地址不會公開。 必填欄位標示為 *