This Function Has Been Available Since:
(AFCommerce v 2.1, Functions v 1.1)
Database function which prepares a string to be entered into a database table.
string = afc_sql_quote (value)
This function helps protect your database from user input containing tricky characters that could be used to attack your web server. It uses the mysql function "mysql_real_escape_string" if it is available; if your PHP version is out of date, it uses "addslashes" instead. This is in no way absolute protection, but php.net suggests using it on any string inputted by a user on your website. The security functions use this as well as a few other techniques, which, for the overall security of AFCommerce, are not explained at all. You may add additional security to the pages on your site that allow user input; they are all open source.
So when defining a new database type you should find the equivalent functions for the database type you want to use.
All the afc_sql functions are found in database-mysql.php (AFCommerce uses mysql by default). When new database types are added to the default version, the file would be named database-dbtype.php. If you add your own database type, you simply need to change a few lines in this file and replace the mysql functions with the functions for the database type you are using. This establishes the universal database system that AFCommerce uses: simply include the file that declares the database functions, and AFCommerce can use any type of database out there. You only need to change the file in which the database functions are declared, and all of the scripts will automatically use the new database type. That is the purpose of the custom database functions that version 2 uses.
Inside the web directory there is a file called "dbconfig.php" which tells AFCommerce which file to include. Right now your cart will have this variable set to "mysql", which is why the file database-mysql.php is called. If you change this value to xxx, where xxx is the name of the database type you are using, AFCommerce will automatically know to include a file called database-xxx.php (which you would need to create if that database type doesn't exist in the default version). You only need to understand this if you are creating your own database function declaration file.
value (string) - The string passed to this function
Returns the string created by the mysql database function just called
Open Source: Yes
There are currently no examples for this function.
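The following is an added example, not part of the AFCommerce documentation or source. It sketches the fallback behaviour described above in a hypothetical stand-in function, example_sql_quote, and shows why the escaped value still has to sit inside quotes in the statement; the customers table, its columns and the form values are assumptions made for illustration.

```php
<?php
// Hypothetical stand-in for afc_sql_quote(), following the behaviour this page
// describes. It is not the code from database-mysql.php.
function example_sql_quote($value)
{
    // The legacy mysql extension was removed in PHP 7, so check before calling.
    // mysql_real_escape_string() also needs an open mysql connection.
    if (function_exists('mysql_real_escape_string')) {
        return mysql_real_escape_string($value);
    }
    // Fallback named on this page. addslashes() knows nothing about the
    // connection character set, one reason this is not absolute protection.
    return addslashes($value);
}

// Constructed sample input standing in for a submitted form.
$form = array('last_name' => "O'Reilly", 'customer_id' => '42');

// String value: escape it AND keep it inside single quotes in the statement.
$name = example_sql_quote($form['last_name']);
$sql_by_name = "SELECT * FROM customers WHERE last_name = '" . $name . "'";

// Numeric value: escaping does nothing useful outside quotes, so cast instead.
$id = (int) $form['customer_id'];
$sql_by_id = "SELECT * FROM customers WHERE id = " . $id;

echo $sql_by_name, "\n";
echo $sql_by_id, "\n";
```

On a PHP version without the mysql extension this runs through the addslashes branch, so it can be tried without a database connection.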