sqlite_escape_string
Escapes a string for use as a query parameter
(PHP 5, PECL sqlite:1.0-1.0.3)
sqlite_escape_string() will correctly quote the string
specified by item
for use in an SQLite SQL statement. This includes doubling up
single-quote characters (
If the item contains a
Although the encoding makes it safe to insert the data, it will render
simple text comparisons and
Warning:
addslashes() should NOT be used to quote your strings for SQLite queries; it will lead to strange results when retrieving your data.
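The addslashes() warning above, as an added example that is not part of the manual page: it round-trips three constructed strings through an in-memory database using each quoting method. It assumes the SQLite3 extension (SQLite3::escapeString()) as a stand-in for the legacy sqlite_escape_string(); the table name, helper names and sample values are made up for the illustration.

```php
<?php
// Added example, not from the manual. Assumes the SQLite3 extension as a
// stand-in for the legacy sqlite_* API; table and samples are constructed.
$db = new SQLite3(':memory:');
$db->enableExceptions(true);
$db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)');

// Read back the row written by the most recent INSERT.
function lastBody(SQLite3 $db)
{
    return $db->querySingle(
        'SELECT body FROM notes WHERE id = ' . $db->lastInsertRowID()
    );
}

// Insert $value as a string literal quoted by $quote, then read it back.
function roundTripQuoted(SQLite3 $db, $quote, $value)
{
    try {
        $literal = "'" . call_user_func($quote, $value) . "'";
        $db->exec("INSERT INTO notes (body) VALUES ($literal)");
        return lastBody($db);
    } catch (Exception $e) {
        // The quoted text no longer forms a valid SQL string literal.
        return 'ERROR: ' . $e->getMessage();
    }
}

// Baseline for comparison: a bound parameter, no quoting involved.
function roundTripBound(SQLite3 $db, $value)
{
    $stmt = $db->prepare('INSERT INTO notes (body) VALUES (:body)');
    $stmt->bindValue(':body', $value, SQLITE3_TEXT);
    $stmt->execute();
    return lastBody($db);
}

$samples = array(
    'C:\\temp\\report.txt', // backslashes only
    'say "hi"',             // double quotes only
    "O'Reilly",             // single quote
);

foreach ($samples as $s) {
    printf("input       : %s\n", $s);
    printf("addslashes  : %s\n", roundTripQuoted($db, 'addslashes', $s));
    printf("escapeString: %s\n", roundTripQuoted($db, array('SQLite3', 'escapeString'), $s));
    printf("bound param : %s\n\n", roundTripBound($db, $s));
}
```

With addslashes() the first two samples come back with extra backslashes stored in the data, and the single-quote sample fails to parse because SQLite does not treat a backslash as an escape character. The quote-doubling and bound-parameter paths return each input unchanged.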
Note:
Do not use this function to encode the return values from UDFs created using sqlite_create_function() or sqlite_create_aggregate(); use sqlite_udf_encode_binary() instead.
Code Examples / Notes » sqlite_escape_string
minots estichá
Sometimes you have to escape an array instead of a string. My function to do it works like: array sqlite_escape_array ( &array string)
<?php
// Escapes every string value in $arr in place, recursing into nested arrays.
function sqlite_escape_array(&$arr)
{
    reset($arr); // each() starts from the array's current internal pointer
    while ( list($key, $val) = each($arr) ):
        // Skip keys that are entirely uppercase (unless numeric) and argc/argv.
        if ( (strtoupper($key)!=$key OR "".intval($key) == "$key") && $key!="argc" and $key!="argv"):
            if (is_string($val)):
                $arr[$key]=sqlite_escape_string($val);
            endif;
            if (is_array($val)):
                $arr[$key]=sqlite_escape_array($val);
            endif;
        endif;
    endwhile;
    return $arr;
}
?>
soletan
@minots: simplify what you are doing:
<?php
function sqlite_escape_array( &$arr )
{
    $invalid = array( 'argv', 'argc' );
    foreach ( $arr as $key => $val )
        if ( ( strtoupper( $key ) != $key ) && !is_numeric( $key ) && !in_array( $key, $invalid ) )
        {
            if ( is_string( $val ) )
                $arr[$key] = sqlite_escape_string( $val );
            else if ( is_array( $val ) )
                sqlite_escape_array( $arr[$key] ); // recurse in place, by reference
        }
    return $arr;
}
?>
I'm not sure if the condition is equivalent to yours, but this excludes any numeric key, any completely uppercased keys and some selected (argc and argv) special keys.
In case of never passing $GLOBALS or $_SERVER as an argument, one might shorten everything to this as a "pipelined" version:
<?php
// Works on a copy and returns the escaped array.
function sqlite_escape_array( $arr )
{
    foreach ( $arr as $key => $val )
        if ( is_string( $val ) )
            $arr[$key] = sqlite_escape_string( $val );
        else if ( is_array( $val ) )
            $arr[$key] = sqlite_escape_array( $val );
    return $arr;
}
?>
PHP's syntax is more powerful than that of many other languages, even when it supports theirs as well.