Update 2.1.0
modbot committed Apr 8, 2020
1 parent 4818433 commit 4bf4a7f
Showing 3 changed files with 37 additions and 5 deletions.
30 changes: 29 additions & 1 deletion README.md
Expand Up @@ -12,7 +12,7 @@ An easy to use class for Database queries in PHP.
DB::connect($db='test',$pass='',$user='root',$host='localhost',$type='mysql');
DB::getPdo();
DB::setPdo($db);
DB::quote();
DB::quote($string,$remove_quotes=false);
DB::query($query, $params = array());
DB::fetchAll($query);
DB::fetchAll_safe($query);
Expand Down Expand Up @@ -105,6 +105,34 @@ First argument is the statement, second argument is an array of parameters (opti

Note: We passed the query into a variable for later re-use.

### Quote
```php
$quoted_string = DB::quote($_GET['id']);
```

```php
# Remove Quotes after quoting, and right before output,
# giving you a similar string as mysql_real_escape_string
$quoted_string = DB::quote($_GET['id'], 1);
```

Escaping in PDO adds quotes around the escaped string, which is an issue if you try doing a **LIKE** query:

```php
# Default Quote adds '' quotes around the field, forcing you to do:
DB::query("SELECT * FROM table WHERE field LIKE ?", ['%'.$input.'%']);
DB::query("SELECT * FROM table WHERE field LIKE ".DB::quote('%'.$input.'%'));

# Removed Quoting, quotes but removes added quotes
DB::query("SELECT * FROM table WHERE field LIKE '%".DB::quote($input,1)."%'";
```

PDO does not provide a way to turn off quotes around escaped strings so, we created a function that simply removes the quotes (first and last characters).
This returns a string similar to the old [mysql_real_escape_string](http://php.net/manual/en/function.mysql-real-escape-string.php) function.

Please note that this requires you to start adding quotes yourself. Escaping is the default when you bind parameters in PDO.
As such, escaping is turned on by default as per the original function (passthrough).

### Fetch and **Safe Fetch**
This is regular returned object. You still need to apply htmlspecialchars yourself.
```php
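Review bot: The "Removed Quoting" example at the end of the new Quote section does not parse: `DB::query("... LIKE '%".DB::quote($input,1)."%'";` is missing its closing parenthesis. The section should also state when the stripped form is safe. `DB::quote($input,1)` only protects a value that the caller places inside a single-quoted SQL string literal, yet the first example quotes `$_GET['id']`, which reads like a numeric id; a stripped value concatenated without surrounding quotes gets no protection from the escaping. Quoting also leaves the LIKE wildcards `%` and `_` in `$input` untouched. The bound-parameter form already shown, `DB::query("SELECT * FROM table WHERE field LIKE ?", ['%'.$input.'%'])`, handles LIKE without manual quoting, so I would present it as the recommended form and describe the stripped variant as a convenience for legacy code. The examples could also pass `true` rather than `1` to match the documented `$remove_quotes=false` default.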
8 changes: 6 additions & 2 deletions src/Database.php
Expand Up @@ -53,9 +53,13 @@ public function getPdo()
{
return $this->pdo;
}
public function quote($string)
public function quote($string,$remove_quotes=false)
{
return $this->pdo->quote($string);
$data = $this->pdo->quote($string);
if($remove_quotes) {
$data = substr($data, 1, -1);
}
return $data;
}
public function query($query, $params = array())
{
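Review bot: In `quote()`, `substr($data, 1, -1)` is applied to whatever `PDO::quote()` returned without checking it, and `PDO::quote()` returns `false` when the driver does not support quoting; since `connect()` accepts a `$type`, drivers other than MySQL are in scope. With `$remove_quotes` set, that failure becomes an empty string or `false`, which the caller then concatenates into a query. Suggest checking `$data === false` and returning or throwing before the strip, and adding a docblock saying the stripped result is only valid between single quotes in the SQL text.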
4 changes: 2 additions & 2 deletions src/Facade.php
Expand Up @@ -18,9 +18,9 @@ public static function getPdo()
{
return self::$db->getPdo();
}
public static function quote($string)
public static function quote($string,$remove_quotes=false)
{
return self::$db->quote($string);
return self::$db->quote($string,$remove_quotes);
}
public static function query($query, $params = array())
{
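Review bot: `Facade::quote()` is the signature callers see through `DB::quote(...)`, and the new `$remove_quotes` parameter is added here with no docblock. Please document on this method that passing a truthy `$remove_quotes` returns the escaped value without its surrounding quotes, so the caller must supply them. Minor style: add a space after the comma in `quote($string,$remove_quotes=false)` and in the pass-through call, to match `query($query, $params = array())` just below.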