DB_common::quoteSmart()
Synopsis
mixed quoteSmart ( mixed $in )
Description
Format input so it can be safely used as a literal in a query. Literals are values such as strings or numbers that are used in places like WHERE, SET and VALUES clauses of SQL statements.
The format returned depends on the PHP data type of input and the database type being used.
Parameter
- mixed $in - the input to be quoted
Return value
mixed - the formatted data
The format of the results depends on the input's PHP type:
- input -> returns
- NULL -> the string NULL
- integer or float -> the unquoted number
- boolean -> output depends on the driver in use
  Most drivers return integers: 1 if true or 0 if false. Some return strings: TRUE if true or FALSE if false. Finally one returns strings: T if true or F if false. Here is a list of each DBMS, the values returned and the suggested column type:
  - dbase -> T/F (Logical)
  - fbase -> TRUE/FALSE (BOOLEAN)
  - ibase -> 1/0 (SMALLINT) [1]
  - ifx -> 1/0 (SMALLINT) [1]
  - msql -> 1/0 (INTEGER)
  - mssql -> 1/0 (TINYINT)
  - mysql -> 1/0 (TINYINT(1))
  - mysqli -> 1/0 (TINYINT(1))
  - oci8 -> 1/0 (NUMBER(1))
  - odbc -> 1/0 (SMALLINT) [1]
  - pgsql -> TRUE/FALSE (BOOLEAN)
  - sqlite -> 1/0 (INTEGER)
  - sybase -> 1/0 (TINYINT)
  [1] Accommodate the lowest common denominator because not all versions of have BOOLEAN.
- other (including strings and numeric strings) -> a string which has been escaped in a DBMS specific way (using escapeSimple()) and then surrounded by single quotes
Note
This function cannot be called statically.
Function available since: Release 1.6.0
Example
Using quoteSmart()
<?php
// Once you have a valid DB object named $db...
$name = "all's well";
$active = true;
$sql = 'SELECT * FROM clients WHERE name = '
. $db->quoteSmart($name)
. ' AND active = '
. $db->quoteSmart($active);
$res =& $db->query($sql);
?>
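The type rules listed under Return value can be tried without a database connection using the following added example, which is a stand-alone model and not PEAR DB's own code. The function name model_quote_smart(), its $driver parameter and the quote-doubling escape (a stand-in for the driver's escapeSimple()) are assumptions made for illustration.

```php
<?php
// Illustrative model of the rules listed under "Return value"; not PEAR DB code.
// Assumption: doubling single quotes stands in for the driver's escapeSimple().
// Real drivers escape in their own way, so this model is for reading, not reuse.
function model_quote_smart($in, string $driver = 'mysql'): string
{
    // Drivers from the page's table whose boolean literals are not 1/0.
    $boolMap = [
        'dbase' => ['T', 'F'],
        'fbase' => ['TRUE', 'FALSE'],
        'pgsql' => ['TRUE', 'FALSE'],
    ];
    if ($in === null) {
        return 'NULL';                      // the string NULL, with no quotes around it
    }
    if (is_int($in) || is_float($in)) {
        return var_export($in, true);       // unquoted number
    }
    if (is_bool($in)) {
        [$t, $f] = $boolMap[$driver] ?? ['1', '0'];
        return $in ? $t : $f;
    }
    // Everything else, numeric strings included: escape, then wrap in quotes.
    return "'" . str_replace("'", "''", (string) $in) . "'";
}

// Constructed inputs, one of which tries to close the literal early.
$samples = [
    'NULL'           => null,
    'integer'        => 42,
    'float'          => 9.5,
    'boolean'        => true,
    'numeric string' => '42',
    'string'         => "all's well",
    'hostile string' => "x' OR '1'='1",
];
foreach ($samples as $label => $value) {
    printf("%-15s mysql: %-20s pgsql: %s\n", $label,
        model_quote_smart($value, 'mysql'), model_quote_smart($value, 'pgsql'));
}

// The PHP type decides the quoting. Request data arrives as strings, so a
// value meant for a numeric column stays a quoted literal unless it is cast.
$id = '7';   // constructed; the shape a query-string parameter would have
echo 'WHERE id = ' . model_quote_smart($id) . "\n";
echo 'WHERE id = ' . model_quote_smart((int) $id) . "\n";
```

The hostile sample comes back as a single quoted literal with its embedded quotes doubled, so it cannot terminate the string early. The last two lines show why the PHP type of the input matters as much as its content.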