wb_escape_string

wb_set_script_encoding

Auxiliary Functions

wb_odbc_connect

wb_escape_string

mixed wb_escape_string( resource connection,string value )

Parameters

connection: Identifier of the open connection returned by the wb_connect or wb_pconnect function.
value: string value

Since version

10.0

Description

It returns a modified form of the value string, i.e. the string form suitable for an SQL command.

This function converts at first the value string from coding set by means of wb_set_script_encoding to system coding of the database where the script is connected. Then the function doubles the quotation marks in the value string and replaces ASCII characters with code less than 32 by a sequence #number, where number is the ASCII code of given character.

This function is used for inserting strings into SQL command source text, e.g.:

wb_exec($connection,'INSERT INTO table(column) VALUES(\''.wb_escape_string($user_input).'\');');

Result of this function must be inserted into the SQL command between two quotation marks (it is impossible to insert it between the inverted commas, since the wb_escape_string() function does not double inverted commas).

Returns

This function returns a modified form of the value string, or FALSE in case of an error (insufficient memory, connection is closed etc.)

Example

echo wb_escape_string('abc'def\rghi\njkl');

lists

abc''def'#13'ghi'#10'jkl

wb_set_script_encoding

Auxiliary Functions

wb_odbc_connect