
escape

Last edited by JP DeVries on Aug 10, 2013.

API:DB:escape

API Quick reference
Variable name: escape
MODx versions: 0.9.x + Evolution
Input parameters: (string $s)
Return if successful: MySQL escaped string $s
Return type: string
Return on failure: string $s
Object parent: DocumentParser -> DBAPI

Description

string escape(string $s);

Escaping potentially dangerous characters in a string before using it in a query can help protect your script against SQL injection attacks.

This function escapes strings passed to it in preparation for inclusion in a MySQL query. If mysql_real_escape_string is available and a database connection is open, the function uses it; mysql_real_escape_string is binary and character set safe. Otherwise it falls back to mysql_escape_string to escape the data. The escaped value is only safe when it is placed inside quotes in the query; escaping does not protect values used unquoted, such as numeric IDs or column names.

Usage / Examples

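function login($username, $password)
{
   global $modx;
   // Escape the user-supplied name; it is placed inside quotes in the WHERE clause
   $username = $modx->db->escape($username);
   // Hash the raw password: md5() returns only hex digits, so the hash needs no
   // escaping, and escaping before hashing would change the hash
   $hash = md5($password);

   $res = $modx->db->select("id", $modx->getFullTableName('web_users'),
      "username='$username' AND password='$hash'");
   if($modx->db->getRecordCount($res))
   {
      // Read the id from the matched row
      $row = $modx->db->getRow($res);
      $_SESSION['userid'] = $row['id'];
      //other log in things...
   }
   else
   {
      //incorrect login
   }
}

// Escaping a single string
$string = "This is Joe's Page";
$string = $modx->db->escape($string);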

This will result in the string "This is Joe\'s Page".
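The following added example (not part of the MODx documentation or code base) shows where escaping helps and where it does not: a quoted string value versus an unquoted numeric value. esc() is a hypothetical stand-in for $modx->db->escape() so the script runs without a database, and whereUsername(), whereIdWeak() and whereIdSafe() are illustrative names.

```php
<?php
// Added example, not MODx code. esc() is a hypothetical stand-in for $modx->db->escape():
// it escapes the characters mysql_real_escape_string() documents; no database is needed.
function esc($s)
{
    return strtr($s, array(
        "\\"   => "\\\\",
        "\x00" => "\\0",
        "\n"   => "\\n",
        "\r"   => "\\r",
        "'"    => "\\'",
        '"'    => '\\"',
        "\x1a" => "\\Z",
    ));
}

// String context: safe only because the escaped value sits inside quotes.
function whereUsername($username)
{
    return "username='" . esc($username) . "'";
}

// Numeric context, weak: the value is unquoted, so input made of characters
// that need no escaping passes through esc() unchanged into the SQL.
function whereIdWeak($id)
{
    return "id=" . esc($id);
}

// Numeric context, hardened: validate as an integer instead of escaping.
function whereIdSafe($id)
{
    $n = filter_var($id, FILTER_VALIDATE_INT);
    if ($n === false) {
        throw new InvalidArgumentException("id must be an integer");
    }
    return "id=" . $n;
}

foreach (array("Joe's Page", "0 OR 1=1", "42") as $in) { // constructed sample inputs
    echo "input:    $in\n";
    echo "  string: " . whereUsername($in) . "\n";
    echo "  weak:   " . whereIdWeak($in) . "\n";
    try {
        echo "  safe:   " . whereIdSafe($in) . "\n";
    } catch (InvalidArgumentException $e) {
        echo "  safe:   rejected (" . $e->getMessage() . ")\n";
    }
}
```

For the second sample the weak clause is emitted unchanged, because none of its characters are ones the escaper touches, while the integer check rejects it.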

select, query, [insert], update

Function Source

File: manager/includes/extenders/dbapi.class.inc.php
Line: 117

function escape($s) {
   if (function_exists('mysql_real_escape_string') && $this->conn) {
      $s = mysql_real_escape_string($s, $this->conn);
   } else {
      $s = mysql_escape_string($s);
   }
   return $s;
}
