Commit d0890461 authored by Taylor Otwell's avatar Taylor Otwell

Merge pull request #1312 from franzliedke/patch-53

DB::escape()
parents 62b55ff7 d7dfd4f9
......@@ -124,6 +124,19 @@ class Database {
{
return new Expression($value);
}
/**
* Escape a string for usage in a query.
*
* This uses the correct quoting mechanism for the default database connection.
*
* @param string $value
* @return string
*/
public static function escape($value)
{
return static::connection()->pdo->quote($value);
}
/**
* Get the profiling data for all queries.
......
......@@ -145,7 +145,7 @@ class Profiler {
{
foreach ($bindings as $binding)
{
$binding = Database::connection()->pdo->quote($binding);
$binding = Database::escape($binding);
$sql = preg_replace('/\?/', $binding, $sql, 1);
$sql = htmlspecialchars($sql);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment