Location: PHPKode > scripts > db_escape > db_escape/db_escape.php
<?php
class db_escape{
  var $str_buff;
  var $escaped;
  var $esc_with;
  var $debug = FALSE;

 // associative array of arrays of escape patterns. 
 // for instance, "ANSI_KWDS", "OR_KWDS", "PHP_SYBASE", "PHP_MYSQL"
 // add others as you see fit
 // Always set the escape, (usually '\' ),character as the 
 // first one in your array, and only once

  var $escapes = array( 
    "ORACLE-MED"  => array( // ( 'ORACLE KEYWORDS'->escape the following:  
                         // '\','"', and other 'keywords in list below )
      "\\"    => "\\",
      "\""    => "\\",
      "'"     => "'",
      "AND"   => "\\",
      "&"     => "\\",
      "OR"    => "\\",
      "|"     => "\\",
      "ACCUM" => "\\",
      ","     => "\\",
      "MINUS" => "\\",
      "-"     => "\\",
      ";"     => "\\",
      "\$"     => "\\",
      "!"     => "\\",
      "?"     => "\\",
      ">"     => "\\",
      "*"     => "\\",
      "#"     => "\\",
      ":"     => "\\",
      "%"     => "\\",
      "_"     => "\\",
      "("     => "\\",
      ")"     => "\\",
      "["     => "\\",
      "]"     => "\\",
      "{"     => "\\",
      "}"     => "\\",  
      "EXEC"  => "\\",
      "@"     => "\\",
      "SQE"   => "\\",
      "SYN"   => "\\",
      "PT"    => "\\",
      "RT"    => "\\",
      "TT"    => "\\",
      "BT"    => "\\",
      "NT"    => "\\",
      "BTG"   => "\\",
      "NTG"   => "\\",
      "BTP"   => "\\",
      "NTP"   => "\\"
    )
  );
//-----------------------------------------------------------------
//PUBLICS -(YOU MAY TOUCH THESE IN PUBLIC)

  function Esc_DB_Str( &$db_string, $esc_set ){
    // REMEMBER!!-Always set the '\' character as the first one in your array, and only once
    $ret_val = FALSE;
    if( !isset( $this->escapes[$esc_set] ) || !is_array( $this->escapes[$esc_set] ) || !isset( $db_string) || !is_string( $db_string)){
      ;
    } else {
      $num = 0;
      reset( $this->escapes[$esc_set] );
      $this->str_buff = $db_string;
      while ( $key_val = each( $this->escapes[$esc_set] ) ){
        $this->escaped  = $key_val[0];
        $this->esc_with = $key_val[1];
        if( isset( $this->escaped)  && isset( $this->esc_with ) ){
          $this->insert_esc_str();
          $ret_val = TRUE;
          if( isset( $this->debug ) && TRUE == $this->debug ){
            $key = $this->escaped;
            $val = $this->esc_with;
            echo("<pre><br>\n$num key=$key val=$val<br>\n<br>\n$this->str_buff<br>\n<br>\n</pre>");
            $num++;
          }
        }
      }
    }
    if( $ret_val ){
      $db_string = $this->str_buff;
    }
    return $ret_val;
  }
  function Unesc_DB_Str( &$db_string, $esc_set ){
    // REMEMBER!!-Always set the escape character, (usually '\'), character as the 
    // first one in your array, and only once
    $reversed_escapes = array_reverse( $this->escapes[$esc_set] );
    $ret_val = FALSE;
    if( !isset( $reversed_escapes ) || !is_array( $reversed_escapes ) || !isset( $db_string) || !is_string( $db_string)){
        $ret_val = FALSE;
    } else {
      $num = 0;
      reset( $reversed_escapes );
      $this->str_buff = $db_string;
      while ( $key_val = each( $reversed_escapes ) ){
        $this->escaped  = $key_val[0];
        $this->esc_with = $key_val[1];
        if( isset( $this->escaped)  && isset( $this->esc_with ) ){
          $this->remove_esc_str();
          $ret_val = TRUE;
          if( isset( $this->debug ) && TRUE == $this->debug ){
            $key = $this->escaped;
            $val = $this->esc_with;
            echo("<pre><br>\n$num key=$key val=$val<br>\n<br>\n$this->str_buff<br>\n<br>\n</pre>");
            $num++;
          }
        }
      }
    }
    if( $ret_val ){
      $db_string = $this->str_buff;
    }
    return $ret_val;
  }

//-----------------------------------------------------------------
//PRIVATES-(KEEP YOUR HANDS OFF OF MY PRIVATES!)

  function insert_esc_str(){ //assumes target and escaped char strings are set, and escaped char string != ""
    $parts = explode( strtolower($this->escaped ), strtolower($this->str_buff) );
    $pos = 0;
    $tmp_str="";
    $find_len = strlen( $this->escaped );
    for( $index=0; isset( $parts[$index] ); $index++){
      $part_len = strlen( $parts[$index] );
      $tmp_str .= substr( $this->str_buff, $pos, $part_len );
      $pos += $part_len;
      if( isset( $parts[$index + 1] ) ){
        $tmp_str .= $this->esc_with;
        $tmp_str .= substr( $this->str_buff, $pos, $find_len );
        $pos += $find_len;
      }
    }
    $this->str_buff = $tmp_str;
  }
  function remove_esc_str(){ //assumes target and escaped char strings are set, and escaped char string != ""
    $find_str = $this->esc_with . $this->escaped;
    $parts = explode( strtolower( $find_str ), strtolower($this->str_buff) );
    $pos = 0;
    $tmp_str="";
    $esc_with_len  = strlen( $this->esc_with );
    $escaped_len  = strlen( $this->escaped );
    $find_len = strlen( $find_str );
    for( $index=0; isset( $parts[$index] ); $index++){
      $part_len = strlen( $parts[$index] );
      $tmp_str .= substr( $this->str_buff, $pos, $part_len );
      $pos += $part_len;
      if( isset( $parts[$index + 1] ) ){
        $tmp_str .= substr( $this->str_buff, $pos + $esc_with_len, $escaped_len );
        $pos += $find_len;
      }
    }
    $this->str_buff = $tmp_str;
  }
}
Return current item: db_escape