PostNuke Help |
||
|---|---|---|
Previous |
Next |
|
prepare variable for database storage
mixed pnVarPrepForStore(var, ...);
pnVarPrepForStore() takes a variable number of var arguments and for each one carries out suitable escaping of characters such that when inserted into a database the exact string is stored.
If pnVarPrepForStore() is only passed a single var argument then it returns the corresponding database-ready variable. If pnVarPrepForStore() is passed multiple arguments then it returns an array of corresponding database-ready variables.
Running pnVarPrepForStore() multiple times is cumulative, and is not reversible unless the developer knows how many times it has been run. It recommended that variables that have been returned from pnVarPrepForStore() are only used in SQL functions, and then discarded.
// Get a version of name and number ready to store in the database
list($dbname, $dbnumber) = pnVarPrepForStore($name, $number);
// Create some database-ready SQL
$sql = "SELECT * from table
WHERE col1 = '$dbname'
AND col2 = '$dbnumber'
AND col3 = '" . pnVarPrepForStore($otherinfo) . "'";
Previous |
Next |