The other two relevant functions are introduced
in the next section.
586 CHAPTER 22 ?– SQLITE
Some characters or character sequences have special meaning to a database, and
therefore they must be treated with special care when being inserted into a table. For
example, SQLite expects that single quotes signal the delimitation of a string. However,
because this character is often used within data that you might want to include in a
table column, a means is required for tricking the database server into ignoring single
quotes on these occasions. This is commonly referred to as escaping these special
characters, often done by prefacing the special character with some other character,
a single quote ('), for example. Although you can do this manually, a function is available
that will do the job for you. The sqlite_escape_string() function escapes any
single quotes and other binary-unsafe characters intended for insertion in an SQLite
table. Its prototype follows:
string sqlite_escape_string(string item)
Let??™s use this function to escape an otherwise invalid query string:
$str = "As they always say, this is 'an' example.";
echo sqlite_escape_string($str);
?>
This returns the following:
As they always say, this is ''an'' example.
If the string contains a NULL character or begins with 0x01, circumstances that have
special meaning when working with binary data, sqlite_escape_string() will take
the steps necessary to properly encode the information so that it can be safely stored
and later retrieved.
Pages:
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671