function Connection::escapeField

Same name and namespace in other branches
  1. 9 core/lib/Drupal/Core/Database/Connection.php \Drupal\Core\Database\Connection::escapeField()
  2. 8.9.x core/lib/Drupal/Core/Database/Driver/mysql/Connection.php \Drupal\Core\Database\Driver\mysql\Connection::escapeField()
  3. 8.9.x core/lib/Drupal/Core/Database/Driver/pgsql/Connection.php \Drupal\Core\Database\Driver\pgsql\Connection::escapeField()
  4. 8.9.x core/lib/Drupal/Core/Database/Connection.php \Drupal\Core\Database\Connection::escapeField()
  5. 11.x core/lib/Drupal/Core/Database/Connection.php \Drupal\Core\Database\Connection::escapeField()

Escapes a field name string.

Force all field names to be strictly alphanumeric-plus-underscore. For some database drivers, it may also wrap the field name in database-specific escape characters.

Parameters

string $field: An unsanitized field name.

Return value

string The sanitized field name.

File

core/lib/Drupal/Core/Database/Connection.php, line 1333

Class

Connection
Base Database API class.

Namespace

Drupal\Core\Database

Code

public function escapeField($field) {
  if (!isset($this->escapedFields[$field])) {
    $escaped = preg_replace('/[^A-Za-z0-9_.]+/', '', $field);
    [
      $start_quote,
      $end_quote,
    ] = $this->identifierQuotes;
    // Sometimes fields have the format table_alias.field. In such cases
    // both identifiers should be quoted, for example, "table_alias"."field".
    $this->escapedFields[$field] = $start_quote . str_replace('.', $end_quote . '.' . $start_quote, $escaped) . $end_quote;
  }
  return $this->escapedFields[$field];
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.