protected Connection::generateTemporaryTableName() Generates a temporary table name. Return value string A table name. File core/lib/Drupal/Core/Database/Connection.php, line 1222 Class Connection Base Database API class. Namespace Drupal\Core\Database Code protected function generateTemporaryTableName() { return "db_temporary_" . $this->temporaryNameIndex++; }

protected Connection::filterComment($comment = '') Sanitize a query comment string. Ensure a query comment does not include strings such as "* /" that might terminate the comment early. This avoids SQL injection attacks via the query comment. The comment strings in this example are separated by a space to avoid PHP parse errors. For example, the comment: db_update('example') ->condition('id', $id) ->fields(array('field2' => 10)) ->comment('Exploit * / DROP TABLE node; --') ->

protected Connection::expandArguments(&$query, &$args) Expands out shorthand placeholders. Drupal supports an alternate syntax for doing arrays of values. We therefore need to expand them out into a full, executable query string. Parameters string $query: The query string to modify. array $args: The arguments for the query. Return value bool TRUE if the query was modified, FALSE otherwise. Throws \InvalidArgumentException This exception is thrown when: A placeholder that ends in [] i

public Connection::escapeTable($table) Escapes a table name string. Force all table names to be strictly alphanumeric-plus-underscore. For some database drivers, it may also wrap the table name in database-specific escape characters. Parameters string $table: An unsanitized table name. Return value string The sanitized table name. Overrides Connection::escapeTable File core/lib/Drupal/Core/Database/Driver/pgsql/Connection.php, line 232 Class Connection PostgreSQL implementation of \Drupa

public Connection::escapeTable($table) Escapes a table name string. Force all table names to be strictly alphanumeric-plus-underscore. For some database drivers, it may also wrap the table name in database-specific escape characters. Parameters string $table: An unsanitized table name. Return value string The sanitized table name. File core/lib/Drupal/Core/Database/Connection.php, line 944 Class Connection Base Database API class. Namespace Drupal\Core\Database Code public function e

public Connection::escapeLike($string) Escapes characters that work as wildcard characters in a LIKE pattern. The wildcard characters "%" and "_" as well as backslash are prefixed with a backslash. Use this to do a search for a verbatim string without any wildcard behavior. For example, the following does a case-insensitive query for all rows whose name starts with $prefix: $result = db_query( 'SELECT * FROM person WHERE name LIKE :pattern', array(':pattern' => db_like($prefix) . '%') );

public Connection::escapeField($field) Escapes a field name string. Force all field names to be strictly alphanumeric-plus-underscore. For some database drivers, it may also wrap the field name in database-specific escape characters. Parameters string $field: An unsanitized field name. Return value string The sanitized field name. Overrides Connection::escapeField File core/lib/Drupal/Core/Database/Driver/pgsql/Connection.php, line 194 Class Connection PostgreSQL implementation of \Drupa

public Connection::escapeField($field) Escapes a field name string. Force all field names to be strictly alphanumeric-plus-underscore. For some database drivers, it may also wrap the field name in database-specific escape characters. Parameters string $field: An unsanitized field name. Return value string The sanitized field name. File core/lib/Drupal/Core/Database/Connection.php, line 961 Class Connection Base Database API class. Namespace Drupal\Core\Database Code public function e

public Connection::escapeDatabase($database) Escapes a database name string. Force all database names to be strictly alphanumeric-plus-underscore. For some database drivers, it may also wrap the database name in database-specific escape characters. Parameters string $database: An unsanitized database name. Return value string The sanitized database name. File core/lib/Drupal/Core/Database/Connection.php, line 927 Class Connection Base Database API class. Namespace Drupal\Core\Database

public Connection::escapeAlias($field) Escapes an alias name string. Force all alias names to be strictly alphanumeric-plus-underscore. In contrast to DatabaseConnection::escapeField() / DatabaseConnection::escapeTable(), this doesn't allow the period (".") because that is not allowed in aliases. Parameters string $field: An unsanitized alias name. Return value string The sanitized alias name. Overrides Connection::escapeAlias File core/lib/Drupal/Core/Database/Driver/pgsql/Connection.php, li