1.20.x database.inc public DatabaseConnection::escapeField($field)

Escapes a field name string.

Force all field names to be strictly alphanumeric-plus-underscore. For some database drivers, it may also wrap the field name in database-specific escape characters.

Return value

string: The sanitized field name string.

File

includes/database/database.inc, line 1017
Core systems for the database layer.

Class

DatabaseConnection
Base Database API class.

Code

public function escapeField($field) {
  if (!isset($this->escapedNames[$field])) {
    $this->escapedNames[$field] = preg_replace('/[^A-Za-z0-9_.]+/', '', $field);
  }
  return $this->escapedNames[$field];
}