Merge pull request #1312 from franzliedke/patch-53

DB::escape()
2013-01-05 13:03:31 -08:00 · 2013-01-05 13:03:31 -08:00 · d089046160
parent 62b55ff7a1 d7dfd4f915
commit d089046160
2 changed files with 14 additions and 1 deletions
--- a/laravel/database.php
+++ b/laravel/database.php
@ -124,6 +124,19 @@ public static function raw($value)
 	{
 		return new Expression($value);
 	}
+	
+	/**
+	 * Escape a string for usage in a query.
+	 *
+	 * This uses the correct quoting mechanism for the default database connection.
+	 *
+	 * @param  string      $value
+	 * @return string
+	 */
+	public static function escape($value)
+	{
+		return static::connection()->pdo->quote($value);
+	}

 	/**
 	 * Get the profiling data for all queries.
--- a/laravel/profiling/profiler.php
+++ b/laravel/profiling/profiler.php
@ -145,7 +145,7 @@ public static function query($sql, $bindings, $time)
 	{
 		foreach ($bindings as $binding)
 		{
-			$binding = Database::connection()->pdo->quote($binding);
+			$binding = Database::escape($binding);

 			$sql = preg_replace('/\?/', $binding, $sql, 1);
 			$sql = htmlspecialchars($sql);