db_type_placeholder

Versions
6
db_type_placeholder($type)

Given a Schema API field type, return the correct %-placeholder.

Embed the placeholder in a query to be passed to db_query and and pass as an argument to db_query a value of the specified type.

Parameters

$type The Schema API type of a field.

Return value

The placeholder string to embed in a query for that type.

Related topics

▾ 3 functions call db_type_placeholder()

db_add_field in includes/database.pgsql.inc
Add a new field to a table.
db_placeholders in includes/database.inc
Generate placeholders for an array of query arguments of a single type.
drupal_write_record in includes/common.inc
Save a record to the database based upon the schema.

Code

includes/database.inc, line 567

<?php
function db_type_placeholder($type) {
  switch ($type) {
    case 'varchar':
    case 'char':
    case 'text':
    case 'datetime':
      return "'%s'";

    case 'numeric':
      // Numeric values are arbitrary precision numbers.  Syntacically, numerics
      // should be specified directly in SQL. However, without single quotes
      // the %s placeholder does not protect against non-numeric characters such
      // as spaces which would expose us to SQL injection.
      return '%n';

    case 'serial':
    case 'int':
      return '%d';

    case 'float':
      return '%f';

    case 'blob':
      return '%b';
  }

  // There is no safe value to return here, so return something that
  // will cause the query to fail.
  return 'unsupported type '. $type .'for db_type_placeholder';
}
?>
Login or register to post comments
 
 

All source code and documentation on this site is released under the terms of the GNU General Public License, version 2 and later. Drupal is a registered trademark of Dries Buytaert.