1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
<?xml version="1.0" encoding="utf-8"?>
<refentry xml:id="function.odbc-connection-string-quote" xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink">
<refnamediv>
<refname>odbc_connection_string_quote</refname>
<refpurpose>Quotes an ODBC connection string value</refpurpose>
</refnamediv>
<refsect1 role="description">
&reftitle.description;
<methodsynopsis>
<type>string</type><methodname>odbc_connection_string_quote</methodname>
<methodparam><type>string</type><parameter>str</parameter></methodparam>
</methodsynopsis>
<para>
Quotes a value for a connection string, according to ODBC rules.
That is, it will be surrounded by quotes, and any ending curly
braces will be escaped. This should be done for any connection
string values that come from user input. Not doing so can lead
to issues with parsing the connection string, or values being
injected into the connection string.
</para>
<para>
Note that this function does not check if the string is already
quoted, nor if the string needs quoting. For that, call
<function>odbc_connection_string_is_quoted</function> and
<function>odbc_connection_string_should_quote</function>.
</para>
</refsect1>
<refsect1 role="parameters">
&reftitle.parameters;
<variablelist>
<varlistentry>
<term><parameter>str</parameter></term>
<listitem>
<para>
The unquoted string.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 role="returnvalues">
&reftitle.returnvalues;
<para>
A quoted string, surrounded by curly braces, and properly escaped.
</para>
</refsect1>
<refsect1 role="examples"><!-- {{{ -->
&reftitle.examples;
<example xml:id="odbc-connection-string-quote.example.basic"><!-- {{{ -->
<title><function>odbc_connection_string_quote</function> example</title>
<para>
This example quotes a string, then puts it in a connection string.
Note that the string is quoted, and the ending quote character in
the middle of the string has been escaped.
</para>
<programlisting role="php">
<![CDATA[
<?php
$value = odbc_connection_string_quote("foo}bar");
$connection_string = "DSN=PHP;UserValue=$value";
echo $connection_string;
?>
]]>
</programlisting>
&example.outputs.similar;
<screen>
<![CDATA[
DSN=PHP;UserValue={foo}}bar}
]]>
</screen>
</example><!-- }}} -->
</refsect1><!-- }}} -->
<refsect1 role="seealso">
&reftitle.seealso;
<para>
<simplelist>
<member><function>odbc_connection_string_is_quoted</function></member>
<member><function>odbc_connection_string_should_quote</function></member>
</simplelist>
</para>
</refsect1>
</refentry>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
indent-tabs-mode:nil
sgml-parent-document:nil
sgml-default-dtd-file:"~/.phpdoc/manual.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
vim600: syn=xml fen fdm=syntax fdl=2 si
vim: et tw=78 syn=sgml
vi: ts=1 sw=1
-->
|
