Escape data inside queries

git-svn-id: https://svn.php.net/repository/phpdoc/en/trunk@286556 c90b9560-bf6c-de11-be94-00142212c4b1
2025-03-16 00:48:54 +00:00 · 2009-07-30 12:22:29 +00:00 · 2009-07-30 12:22:29 +00:00 · 42fd17af6e
commit 42fd17af6e
parent 77ac6dd771
17 changed files with 66 additions and 0 deletions
--- a/reference/dbx/functions/dbx-query.xml
+++ b/reference/dbx/functions/dbx-query.xml
@ -35,6 +35,10 @@
      <para>
       SQL statement.
      </para>
+      <para>
+       Data inside the query should be <link
+       linkend="function.dbx-escape-string">properly escaped</link>.
+      </para>
     </listitem>
    </varlistentry>
    <varlistentry>
--- a/reference/ingres-ii/functions/ingres-query.xml
+++ b/reference/ingres-ii/functions/ingres-query.xml
@ -61,6 +61,10 @@
       A valid SQL query (see the Ingres <literal>SQL reference
       guide</literal>) in the Ingres documentation.
      </para>
+      <para>
+       Data inside the query should be <link
+       linkend="function.ingres-escape-string">properly escaped</link>.
+      </para>
      <para>
       The following types of SQL queries cannot be sent with this function:
       <itemizedlist>
--- a/reference/ingres-ii/functions/ingres-unbuffered-query.xml
+++ b/reference/ingres-ii/functions/ingres-unbuffered-query.xml
@ -70,6 +70,10 @@
       statements that cannot be executed via
       <function>ingres_unbuffered_query</function>.
      </para>
+      <para>
+       Data inside the query should be <link
+       linkend="function.dbx-escape-string">properly escaped</link>.
+      </para>
     </listitem>
    </varlistentry>
    <varlistentry>
--- a/reference/mysql/functions/mysql-db-query.xml
+++ b/reference/mysql/functions/mysql-db-query.xml
@ -38,6 +38,10 @@
      <para>
       The MySQL query.
      </para>
+      <para>
+       Data inside the query should be <link
+       linkend="function.mysql-real-escape-string">properly escaped</link>.
+      </para>
     </listitem>
    </varlistentry>
    &mysql.linkid.description;
--- a/reference/mysql/functions/mysql-query.xml
+++ b/reference/mysql/functions/mysql-query.xml
@ -33,6 +33,8 @@
      </para>
      <para>
       The query string should not end with a semicolon.
+       Data inside the query should be <link
+       linkend="function.mysql-real-escape-string">properly escaped</link>.
      </para>
     </listitem>
    </varlistentry>
--- a/reference/mysql/functions/mysql-unbuffered-query.xml
+++ b/reference/mysql/functions/mysql-unbuffered-query.xml
@ -38,6 +38,10 @@
      <para>
       A SQL query
      </para>
+      <para>
+       Data inside the query should be <link
+       linkend="function.mysql-real-escape-string">properly escaped</link>.
+      </para>
     </listitem>
    </varlistentry>
    &mysql.linkid.description;
--- a/reference/mysqli/mysqli/multi-query.xml
+++ b/reference/mysqli/mysqli/multi-query.xml
@ -42,6 +42,10 @@
      <para>
       The query, as a string.
      </para>
+      <para>
+       Data inside the query should be <link
+       linkend="mysqli.real-escape-string">properly escaped</link>.
+      </para>
     </listitem>
    </varlistentry>
   </variablelist>
--- a/reference/mysqli/mysqli/query.xml
+++ b/reference/mysqli/mysqli/query.xml
@ -44,6 +44,10 @@
      <para>
       The query string.
      </para>
+      <para>
+       Data inside the query should be <link
+       linkend="mysqli.real-escape-string">properly escaped</link>.
+      </para>
     </listitem>
    </varlistentry>
    <varlistentry>
--- a/reference/mysqli/mysqli/real-query.xml
+++ b/reference/mysqli/mysqli/real-query.xml
@ -42,6 +42,10 @@
      <para>
       The query, as a string.
      </para>
+      <para>
+       Data inside the query should be <link
+       linkend="mysqli.real-escape-string">properly escaped</link>.
+      </para>
     </listitem>
    </varlistentry>
   </variablelist>
--- a/reference/pdo/pdo/exec.xml
+++ b/reference/pdo/pdo/exec.xml
@ -39,6 +39,10 @@
       <para>
        The SQL statement to prepare and execute.
       </para>
+       <para>
+        Data inside the query should be <link
+        linkend="pdo.quote">properly escaped</link>.
+       </para>
      </listitem>
     </varlistentry>
   </variablelist>
--- a/reference/pdo/pdo/query.xml
+++ b/reference/pdo/pdo/query.xml
@ -76,6 +76,10 @@
       <para>
        The SQL statement to prepare and execute.
       </para>
+       <para>
+        Data inside the query should be <link
+        linkend="pdo.quote">properly escaped</link>.
+       </para>
      </listitem>
     </varlistentry>
   </variablelist>
--- a/reference/pgsql/functions/pg-query.xml
+++ b/reference/pgsql/functions/pg-query.xml
@ -64,6 +64,10 @@
       they are automatically executed as one transaction, unless there are explicit BEGIN/COMMIT commands
       included in the query string. However, using multiple transactions in one function call is not recommended.
      </para>
+      <para>
+       Data inside the query should be <link
+       linkend="function.pg-escape-string">properly escaped</link>.
+      </para>
     </listitem>
    </varlistentry>
   </variablelist>
--- a/reference/pgsql/functions/pg-send-query.xml
+++ b/reference/pgsql/functions/pg-send-query.xml
@ -55,6 +55,10 @@
      <para>
       The SQL statement or statements to be executed.
      </para>
+      <para>
+       Data inside the query should be <link
+       linkend="function.pg-escape-string">properly escaped</link>.
+      </para>
     </listitem>
    </varlistentry>
   </variablelist>
--- a/reference/sqlite/functions/sqlite-array-query.xml
+++ b/reference/sqlite/functions/sqlite-array-query.xml
@ -61,6 +61,10 @@
      <para>
       The query to be executed.
      </para>
+      <para>
+       Data inside the query should be <link
+       linkend="function.sqlite-escape-string">properly escaped</link>.
+      </para>
     </listitem>
    </varlistentry>
    <varlistentry>
--- a/reference/sqlite/functions/sqlite-exec.xml
+++ b/reference/sqlite/functions/sqlite-exec.xml
@ -63,6 +63,10 @@
      <para>
       The query to be executed.
      </para>
+      <para>
+       Data inside the query should be <link
+       linkend="function.sqlite-escape-string">properly escaped</link>.
+      </para>
     </listitem>
    </varlistentry>
    <varlistentry>
--- a/reference/sqlite/functions/sqlite-query.xml
+++ b/reference/sqlite/functions/sqlite-query.xml
@ -59,6 +59,10 @@
      <para>
       The query to be executed.
      </para>
+      <para>
+       Data inside the query should be <link
+       linkend="function.sqlite-escape-string">properly escaped</link>.
+      </para>
     </listitem>
    </varlistentry>
    <varlistentry>
--- a/reference/sqlite/functions/sqlite-unbuffered-query.xml
+++ b/reference/sqlite/functions/sqlite-unbuffered-query.xml
@ -75,6 +75,10 @@
      <para>
       The query to be executed.
      </para>
+      <para>
+       Data inside the query should be <link
+       linkend="function.sqlite-escape-string">properly escaped</link>.
+      </para>
     </listitem>
    </varlistentry>
    <varlistentry>