webapp/postfixadmin
1
0
Fork 0
mirror of https://github.com/postfixadmin/postfixadmin.git synced 2025-08-06 06:42:37 +03:00
Code Activity

improve docs

Browse Source
This commit is contained in:
David Goodwin
2019-01-11 17:12:16 +00:00
parent 6225899863
commit 5db463b35c
1 changed files with 14 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
functions.inc.php
View File

@@ -321,19 +321,25 @@ function check_email($email) {
/** /**
* Clean a string, escaping any meta characters that could be * Clean a string, escaping any meta characters that could be
* used to disrupt an SQL string. i.e. "'" => "\'" etc. * used to disrupt an SQL string. The method of the escaping is dependent on the underlying DB
* and MAY NOT be just \' ing. (e.g. sqlite and PgSQL change "it's" to "it''s".
* *
* @param string $string parameters to escape * The PDO quote function surrounds what you pass in with quote marks; for legacy reasons we remove these,
* but assume the caller will actually add them back in (!).
*
* e.g. caller code looks like :
*
* <code>
* $sql = "SELECT * FROM foo WHERE x = '" . escape_string('fish') . "'";
* </code>
*
* @param int|string $string parameters to escape
* @return string cleaned data, suitable for use within an SQL statement. * @return string cleaned data, suitable for use within an SQL statement.
*/ */
function escape_string($string) { function escape_string($string) {
if (is_numeric($string)) {
return $string;
}
$link = db_connect(); $link = db_connect();
$quoted = $link->quote($string);
return trim($link->quote($string), "'"); return trim($quoted, "'");
} }