DB_common::quoteIdentifier()

DB_common::quoteIdentifier() – Formats a string so it can be safely used as an identifier

Synopsis

string quoteIdentifier ( string $str )

Description

Format input so it can be safely used as a delimited identifier in a query. Identifiers are objects such as table or column names.

The format returned depends on the database type being used.

Delimited identifiers are known to generally work correctly under the following drivers:

  • mssql
  • mysql
  • mysqli
  • oci8
  • odbc(access)
  • odbc(db2)
  • pgsql
  • sqlite
  • sybase

InterBase doesn't seem to be able to use delimited identifiers via PHP 4. They work fine under PHP 5.

Parameter

string $str

the input to be quoted

Return value

string - the formatted string

Note

This function can not be called statically.

Function available since: Release 1.6.0

Just because you CAN use delimited identifiers doesn't mean you SHOULD use them. In general, they end up causing way more problems than they solve.

Portability is broken by using the following characters inside delimited identifiers:

  • backtick (`) -- due to MySQL
  • double quote (") -- due to Oracle
  • brackets ([ or ]) -- due to Access

Example

Using quoteIdentifier()

<?php
// Once you have a valid DB object named $db...
$sql 'SELECT ' $db->quoteIdentifier('company name')
       . 
', address FROM clients';

$res =& $db->query($sql);
?>