odbc_connection_string_quote

(PHP 8 >= 8.2.0)

odbc_connection_string_quoteQuotes an ODBC connection string value

Description

odbc_connection_string_quote(string $str): string

Quotes a value for a connection string, according to ODBC rules. That is, it will be surrounded by quotes, and any ending curly braces will be escaped. This should be done for any connection string values that come from user input. Not doing so can lead to issues with parsing the connection string, or values being injected into the connection string.

Note that this function does not check if the string is already quoted, nor if the string needs quoting. For that, call odbc_connection_string_is_quoted() and odbc_connection_string_should_quote().

Parameters

str

The unquoted string.

Return Values

A quoted string, surrounded by curly braces, and properly escaped.

Examples

Example #1 odbc_connection_string_quote() example

This example quotes a string, then puts it in a connection string. Note that the string is quoted, and the ending quote character in the middle of the string has been escaped.

<?php
$value
= odbc_connection_string_quote("foo}bar");
$connection_string = "DSN=PHP;UserValue=$value";
echo
$connection_string;
?>

The above example will output something similar to:

DSN=PHP;UserValue={foo}}bar}

See Also

add a note add a note

User Contributed Notes

There are no user contributed notes for this page.
To Top