PHP 8.5.0 Alpha 2 available for testing

    SQLite3::escapeString

    (PHP 5 >= 5.3.0, PHP 7, PHP 8)

    SQLite3::escapeStringDevuelve una cadena limpiada

    Descripción

    public static SQLite3::escapeString(string $string): string

    Devuelve una cadena que ha sido limpiada para poder ser incluida de forma segura en las consultas SQL.

    Advertencia

    Esta función no es capaz de manejar strings binarios !

    Para manejar correctamente los campos BLOB que contienen caracteres NUL, es preferible utilizar la función SQLite3Stmt::bindParam().

    Parámetros

    string

    La cadena a limpiar.

    Valores devueltos

    Devuelve una cadena limpiada, que podrá ser utilizada de forma segura en una consulta SQL.

    Notas

    Advertencia

    La función addslashes() no debe PAS ser utilizada para proteger la cadena en las consultas SQL; podrían observarse resultados extraños al recuperar los datos.

    Found A Problem?

    Learn How To Improve This PageSubmit a Pull RequestReport a Bug
    add a note

    User Contributed Notes 2 notes

    up
    2
    alec at alecnewman dot com
    14 years ago
    The reason this function doesn't escape double quotes is because double quotes are used with names (the equivalent of backticks in MySQL), as in table or column names, while single quotes are used for values.

    This is important to remember, especially coming from another SQL implementation. It can cause strange problems, for example, the query:

    SELECT * FROM table WHERE column1="column1"

    Would actually return every record, because column1 is always equal to column1. This should instead be:

    SELECT * FROM table WHERE column1='column1'

    Double quotes are not escaped by the function because they are not interpreted specially within single quoted strings.
    up
    0
    nhl261 at yahoo dot com
    10 years ago
    Be careful if the string contains "\0" char.
    see: https://bugs.php.net/bug.php?id=63419
    add a note
    To Top