(no version information, might be only in CVS)
PDO::quote --
Quotes a string for use in a query.
Description
string PDO::quote ( string string [, int parameter_type] )
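Warning: This function is experimental. The behaviour of this function, including its name and any other documentation about it, may change without notice in a future release of PHP. Use this function at your own risk.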
PDO::quote() places quotes around the input
string and escapes any single quotes within the input string.
Quoting input strings has been a common means of attempting to
prevent SQL injection attacks; however, an even safer approach
is to use prepared statements with named parameters or placeholders
for the input values.
Not all PDO drivers implement this method.
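The following is an added example, not part of the PHP manual: it runs the same lookup once with a value passed through PDO::quote() and once with a prepared statement using a named parameter. It assumes the pdo_sqlite driver is available; the `users` table, its rows and the input string are constructed for illustration.

```php
<?php
// Added example: constructed schema and data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');

// Seed rows through a prepared statement, so the quote in O'Brien needs no escaping.
$insert = $db->prepare('INSERT INTO users (name) VALUES (:name)');
foreach (['alice', "O'Brien"] as $name) {
    $insert->execute([':name' => $name]);
}

// Constructed untrusted input that contains single quotes.
$input = "x' OR '1'='1";

// Approach 1: PDO::quote(). The driver wraps the value in quotes and escapes
// the embedded quotes, so the value stays one string literal in the SQL text.
$quoted = $db->quote($input);
if ($quoted === false) {
    // Not all drivers implement quote(); current PHP releases return false here.
    throw new RuntimeException('This PDO driver does not implement quote()');
}
echo "Quoted literal: $quoted\n";
$rows = $db->query("SELECT name FROM users WHERE name = $quoted")
           ->fetchAll(PDO::FETCH_COLUMN);
echo 'Rows matched with quote(): ', count($rows), "\n";

// Approach 2: prepared statement with a named parameter. The value is bound
// separately from the SQL text and is never parsed as SQL.
$select = $db->prepare('SELECT name FROM users WHERE name = :name');
$select->execute([':name' => $input]);
echo 'Rows matched with bound parameter: ',
     count($select->fetchAll(PDO::FETCH_COLUMN)), "\n";

// A legitimate value containing a quote works without any manual escaping.
$select->execute([':name' => "O'Brien"]);
echo 'Lookup of a name containing a quote: ',
     implode(', ', $select->fetchAll(PDO::FETCH_COLUMN)), "\n";
```

In both approaches the constructed input is compared as a literal name and matches no row. The prepared statement does this without building SQL text from the input at all.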