DB::escape()
@@ -124,6 +124,19 @@ class Database {
{
return new Expression($value);
}
+
+ /**
+ * Escape a string for usage in a query.
+ *
+ * This uses the correct quoting mechanism for the default database connection.
+ * @param string $value
+ * @return string
+ */
+ public static function escape($value)
+ {
+ return static::connection()->pdo->quote($value);
+ }
/**
* Get the profiling data for all queries.
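Review bot: The new `escape()` returns `PDO::quote()` unchecked, but that call yields `false` when the driver does not support quoting, so the documented `@return string` contract can be broken and the `false` would silently collapse to an empty string at call sites such as the Profiler's `preg_replace` replacement. Guard the result: `$quoted = static::connection()->pdo->quote($value);` / `if ($quoted === false) { throw new \RuntimeException('PDO driver does not support quoting'); }` / `return $quoted;`. The docblock should also state that the returned string already carries its surrounding quote delimiters, so callers must not add their own, and that it is intended for building display or log text (as the Profiler does) rather than as a replacement for bound parameters. A `string` type on `$value` would keep non-string bindings from reaching the driver untyped.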
@@ -145,7 +145,7 @@ class Profiler {
foreach ($bindings as $binding)
- $binding = Database::connection()->pdo->quote($binding);
+ $binding = Database::escape($binding);
$sql = preg_replace('/\?/', $binding, $sql, 1);
$sql = htmlspecialchars($sql);