function Connection::escapeField
Same name in other branches
- 9 core/lib/Drupal/Core/Database/Connection.php \Drupal\Core\Database\Connection::escapeField()
- 8.9.x core/lib/Drupal/Core/Database/Driver/mysql/Connection.php \Drupal\Core\Database\Driver\mysql\Connection::escapeField()
- 8.9.x core/lib/Drupal/Core/Database/Driver/pgsql/Connection.php \Drupal\Core\Database\Driver\pgsql\Connection::escapeField()
- 8.9.x core/lib/Drupal/Core/Database/Connection.php \Drupal\Core\Database\Connection::escapeField()
- 11.x core/lib/Drupal/Core/Database/Connection.php \Drupal\Core\Database\Connection::escapeField()
Escapes a field name string.
Force all field names to be strictly alphanumeric-plus-underscore. For some database drivers, it may also wrap the field name in database-specific escape characters.
Parameters
string $field: An unsanitized field name.
Return value
string The sanitized field name.
File
-
core/
lib/ Drupal/ Core/ Database/ Connection.php, line 1333
Class
- Connection
- Base Database API class.
Namespace
Drupal\Core\DatabaseCode
public function escapeField($field) {
if (!isset($this->escapedFields[$field])) {
$escaped = preg_replace('/[^A-Za-z0-9_.]+/', '', $field);
[
$start_quote,
$end_quote,
] = $this->identifierQuotes;
// Sometimes fields have the format table_alias.field. In such cases
// both identifiers should be quoted, for example, "table_alias"."field".
$this->escapedFields[$field] = $start_quote . str_replace('.', $end_quote . '.' . $start_quote, $escaped) . $end_quote;
}
return $this->escapedFields[$field];
}
Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.