W3cubDocs

/Drupal 8

public function Connection::escapeField

public Connection::escapeField($field)

Escapes a field name string.

Force all field names to be strictly alphanumeric-plus-underscore. For some database drivers, it may also wrap the field name in database-specific escape characters.

Parameters

string $field: An unsanitized field name.

Return value

string The sanitized field name.

Overrides Connection::escapeField

File

core/lib/Drupal/Core/Database/Driver/pgsql/Connection.php, line 194

Class

Connection
PostgreSQL implementation of \Drupal\Core\Database\Connection.

Namespace

Drupal\Core\Database\Driver\pgsql

Code

public function escapeField($field) {
  $escaped = parent::escapeField($field);

  // Remove any invalid start character.
  $escaped = preg_replace('/^[^A-Za-z0-9_]/', '', $escaped);

  // The pgsql database driver does not support field names that contain
  // periods (supported by PostgreSQL server) because this method may be
  // called by a field with a table alias as part of SQL conditions or
  // order by statements. This will consider a period as a table alias
  // identifier, and split the string at the first period.
  if (preg_match('/^([A-Za-z0-9_]+)"?[.]"?([A-Za-z0-9_.]+)/', $escaped, $parts)) {
    $table = $parts[1];
    $column = $parts[2];

    // Use escape alias because escapeField may contain multiple periods that
    // need to be escaped.
    $escaped = $this->escapeTable($table) . '.' . $this->escapeAlias($column);
  }
  elseif (preg_match('/[A-Z]/', $escaped)) {
    // Quote the field name for case-sensitivity.
    $escaped = '"' . $escaped . '"';
  }
  elseif (in_array(strtolower($escaped), $this->postgresqlReservedKeyWords)) {
    // Quote the field name for PostgreSQL reserved key words.
    $escaped = '"' . $escaped . '"';
  }

  return $escaped;
}

© 2001–2016 by the original authors
Licensed under the GNU General Public License, version 2 and later.
Drupal is a registered trademark of Dries Buytaert.
https://api.drupal.org/api/drupal/core!lib!Drupal!Core!Database!Driver!pgsql!Connection.php/function/Connection::escapeField/8.1.x