escape()
Dummy method kept for legacy compatibility. This method does nothing and simply returns the input string unmodified.
It's deprecated and will be removed in v1.5.x.
Signature:
public function escape(string $str): string
Deprecated: This method has no effect and will be removed in v1.5.x.
It exists solely for backwards compatibility. Use parameter binding via prepared statements instead.
It exists solely for backwards compatibility. Use parameter binding via prepared statements instead.
Real escaping is discouraged: If you absolutely need manual escaping, use
PDO::quote() carefully –
or enable the optional code below.
Current Dummy Implementation
// Legacy escape method – has no effect
public function escape(string $str): string
{
return $str;
}Optional: Enable real escape() via PDO
// Uncomment and replace the dummy method if needed:
public function escape(string $str): string
{
$pdo = $this->connect($this->defConnectionName);
$quoted = $pdo->quote($str);
return substr($quoted, 1, -1); // remove surrounding quotes
}
Warning for Composer users:
If PDOdb is installed via Composer, local modifications will be overwritten during updates.
Instead, consider using
If PDOdb is installed via Composer, local modifications will be overwritten during updates.
Instead, consider using
rawQuery() with PDO::quote() externally.
Use Instead
- rawQuery() – for advanced SQL queries
- Security Best Practices – Prepared statements with bindings