extern/egroupware
1
0
Fork 1
mirror of https://github.com/EGroupware/egroupware.git synced 2024-12-27 00:58:55 +01:00
Code Issues Packages Projects Releases Wiki Activity

added function name_quote, wich quotes table- and columnnames correctly

Browse Source
This commit is contained in:
Carsten Wolff 2004-05-02 17:18:38 +00:00
parent 612398cd08
commit 0bfa697995
1 changed files with 35 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
phpgwapi/inc/class.db.inc.php
View File

@ -859,6 +859,41 @@ if (is_array($str)) $this->halt('db::db_addslashes('.print_r($str,True).",'$type
$this->connect(); $this->connect();
} }
/**
* Correctly Quote Identifiers like table- or colmnnames for use in SQL-statements
*
* This is mostly copy & paste from adodb's datadict class
* @param string $name
* @return string quoted string
*/
function name_quote($name = NULL)
{
if (!is_string($name)) {
return FALSE;
}
$name = trim($name);
if (!$this->Link_ID && !$this->connect())
{
return False;
}
$quote = $this->Link_ID->nameQuote;
// if name is of the form `name`, quote it
if ( preg_match('/^`(.+)`$/', $name, $matches) ) {
return $quote . $matches[1] . $quote;
}
// if name contains special characters, quote it
if ( preg_match('/\W/', $name) ) {
return $quote . $name . $quote;
}
return $name;
}
/** /**
* Escape values before sending them to the database - prevents SQL injunction and SQL errors ;-) * Escape values before sending them to the database - prevents SQL injunction and SQL errors ;-)
* *