DB_common::quoteIdentifier()
Synopsis
string quoteIdentifier (
string $str
)
Description
Format input so it can be safely used as a delimited identifier in a query. Identifiers are objects such as table or column names.
The format returned depends on the database type being used.
Delimited identifiers are known to generally work correctly under the following drivers:
- mssql
- mysql
- mysqli
- oci8
- odbc(access)
- odbc(db2)
- pgsql
- sqlite
- sybase
InterBase doesn't seem to be able to use delimited identifiers via PHP 4. They work fine under PHP 5.
Parameter
-
string
$str
-
the input to be quoted
Return value
string - the formatted string
Note
This function can not be called statically.
Function available since: Release 1.6.0
Just because you CAN use delimited identifiers doesn't mean you SHOULD use them. In general, they end up causing way more problems than they solve.
Portability is broken by using the following characters inside delimited identifiers:
- backtick (
`
) -- due to MySQL- double quote (
"
) -- due to Oracle- brackets (
[
or]
) -- due to Access
Example
Using quoteIdentifier()
<?php
// Once you have a valid DB object named $db...
$sql = 'SELECT ' . $db->quoteIdentifier('company name')
. ', address FROM clients';
$res =& $db->query($sql);
?>