mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-12-26 16:48:49 +01:00
added function name_quote, wich quotes table- and columnnames correctly
This commit is contained in:
parent
612398cd08
commit
0bfa697995
@ -859,6 +859,41 @@ if (is_array($str)) $this->halt('db::db_addslashes('.print_r($str,True).",'$type
|
||||
$this->connect();
|
||||
}
|
||||
|
||||
/**
|
||||
* Correctly Quote Identifiers like table- or colmnnames for use in SQL-statements
|
||||
*
|
||||
* This is mostly copy & paste from adodb's datadict class
|
||||
* @param string $name
|
||||
* @return string quoted string
|
||||
*/
|
||||
function name_quote($name = NULL)
|
||||
{
|
||||
if (!is_string($name)) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
$name = trim($name);
|
||||
|
||||
if (!$this->Link_ID && !$this->connect())
|
||||
{
|
||||
return False;
|
||||
}
|
||||
|
||||
$quote = $this->Link_ID->nameQuote;
|
||||
|
||||
// if name is of the form `name`, quote it
|
||||
if ( preg_match('/^`(.+)`$/', $name, $matches) ) {
|
||||
return $quote . $matches[1] . $quote;
|
||||
}
|
||||
|
||||
// if name contains special characters, quote it
|
||||
if ( preg_match('/\W/', $name) ) {
|
||||
return $quote . $name . $quote;
|
||||
}
|
||||
|
||||
return $name;
|
||||
}
|
||||
|
||||
/**
|
||||
* Escape values before sending them to the database - prevents SQL injunction and SQL errors ;-)
|
||||
*
|
||||
|
Loading…
Reference in New Issue
Block a user