Merge pull request laravel#1312 from franzliedke/patch-53

taylorotwell · taylorotwell · commit d08904616093 · 2013-01-05T13:03:31.000-08:00
DB::escape()
diff --git a/laravel/database.php b/laravel/database.php
@@ -124,6 +124,19 @@ public static function raw($value)
 	{
 		return new Expression($value);
 	}
+	
+	/**
+	 * Escape a string for usage in a query.
+	 *
+	 * This uses the correct quoting mechanism for the default database connection.
+	 *
+	 * @param  string      $value
+	 * @return string
+	 */
+	public static function escape($value)
+	{
+		return static::connection()->pdo->quote($value);
+	}
 
 	/**
 	 * Get the profiling data for all queries.
diff --git a/laravel/profiling/profiler.php b/laravel/profiling/profiler.php
@@ -145,7 +145,7 @@ public static function query($sql, $bindings, $time)
 	{
 		foreach ($bindings as $binding)
 		{
-			$binding = Database::connection()->pdo->quote($binding);
+			$binding = Database::escape($binding);
 
 			$sql = preg_replace('/\?/', $binding, $sql, 1);
 			$sql = htmlspecialchars($sql);

Original file line number	Diff line number	Diff line change
`@@ -145,7 +145,7 @@ public static function query($sql, $bindings, $time)`
`145`	`145`	`{`
`146`	`146`	`foreach ($bindings as $binding)`
`147`	`147`	`{`
`148`		`- $binding = Database::connection()->pdo->quote($binding);`
	`148`	`+ $binding = Database::escape($binding);`
`149`	`149`
`150`	`150`	`$sql = preg_replace('/\?/', $binding, $sql, 1);`
`151`	`151`	`$sql = htmlspecialchars($sql);`