You are here

Home » API reference » Case Tracker 7 » casetracker.module

function db_type_placeholder in Case Tracker 7

1 call to db_type_placeholder()
db_placeholders in ./casetracker.module
This function is used in the views handlers

File

./casetracker.module, line 1387
Enables the handling of projects and their cases.

Code

function db_type_placeholder($type) {
  switch ($type) {
    case 'varchar':
    case 'char':
    case 'text':
    case 'datetime':
      return "'%s'";
    case 'numeric':

      // Numeric values are arbitrary precision numbers.  Syntacically, numerics
      // should be specified directly in SQL. However, without single quotes
      // the %s placeholder does not protect against non-numeric characters such
      // as spaces which would expose us to SQL injection.
      return '%n';
    case 'serial':
    case 'int':
      return '%d';
    case 'float':
      return '%f';
    case 'blob':
      return '%b';
  }

  // There is no safe value to return here, so return something that
  // will cause the query to fail.
  return 'unsupported type ' . $type . 'for db_type_placeholder';
}