ivo/ponzi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #1312 from franzliedke/patch-53

Browse Source 
DB::escape()
This commit is contained in:
Taylor Otwell
2013-01-05 13:03:31 -08:00
parent 62b55ff7a1 d7dfd4f915
commit d089046160
2 changed files with 14 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
laravel/database.php
View File

@@ -125,6 +125,19 @@ class Database {
return new Expression($value); return new Expression($value);
} }
/**
* Escape a string for usage in a query.
*
* This uses the correct quoting mechanism for the default database connection.
*
* @param string $value
* @return string
*/
public static function escape($value)
{
return static::connection()->pdo->quote($value);
}
/** /**
* Get the profiling data for all queries. * Get the profiling data for all queries.
* *

2
laravel/profiling/profiler.php
View File

@@ -145,7 +145,7 @@ class Profiler {
{ {
foreach ($bindings as $binding) foreach ($bindings as $binding)
{ {
$binding = Database::connection()->pdo->quote($binding); $binding = Database::escape($binding);
$sql = preg_replace('/\?/', $binding, $sql, 1); $sql = preg_replace('/\?/', $binding, $sql, 1);
$sql = htmlspecialchars($sql); $sql = htmlspecialchars($sql);