}
public static function escape($str) {
- switch (self::$driver) {
- case 'pdo':
- return substr(@self::$connection->quote($str, PDO::PARAM_STR), 1, -1);
- case 'mysqli':
- return @self::$connection->real_escape_string($str);
+ if (self::$connected) {
+ switch (self::$driver) {
+ case 'pdo':
+ return substr(@self::$connection->quote($str, PDO::PARAM_STR), 1, -1);
+ case 'mysqli':
+ return @self::$connection->real_escape_string($str);
+ }
+ } else {
+ return str_replace("'", "\\'", $str);
}
}
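Review bot: The not-connected fallback in `escape()` (the `else` branch) escapes only the single quote, so a backslash already present in `$str` passes through and can cancel the escape that is added. That leaves the quoted literal built by `"'" . self::escape($value) . "'"` further down this diff open to SQL injection. If a fallback has to exist, escape the backslash first, e.g. `return str_replace(['\\', "'"], ['\\\\', "\\'"], $str);`, though failing closed when `self::$connected` is false is safer, since escaping without a connection cannot account for the server's character set or SQL mode. The `switch` also has no `default`, so a connected state with any other `self::$driver` value falls through and returns null without an error. The other changed call site, `$value = self::escape($value);`, adds no quotes in the visible lines and inherits the same gap; parameter binding at both call sites would remove the dependency on escaping altogether.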
$commands[$key] = ['table' => $table, 'conditions' => $conditions];
- $cascade = defaults($options, 'cascade', true);
+ // Don't use "defaults" here, since it would set "false" to "true"
+ if (isset($options['cascade'])) {
+ $cascade = $options['cascade'];
+ } else {
+ $cascade = true;
+ }
// To speed up the whole process we cache the table relations
if ($cascade && count(self::$relation) == 0) {
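Review bot: The five-line `if`/`else` that replaces `defaults()` can be one expression, `$cascade = isset($options['cascade']) ? $options['cascade'] : true;`, which keeps the explanatory comment directly above the line it explains. `isset()` is also false for an explicit `null`, so `['cascade' => null]` still cascades the delete; if that is not intended, `array_key_exists('cascade', $options)` tells the two cases apart. The enclosing function starts and ends outside this hunk, so how `$options` is populated cannot be checked from here.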
if (is_bool($value)) {
$value = ($value ? '1' : '0');
} else {
- $value = dbesc($value);
+ $value = self::escape($value);
}
return;
}
} elseif (is_float($value) || is_integer($value)) {
$value = (string) $value;
} else {
- $value = "'" . dbesc($value) . "'";
+ $value = "'" . self::escape($value) . "'";
}
}