remove_invisible_characters example

    protected function _close()
    {
        sqlsrv_close($this->connID);
    }

    /** * Platform-dependant string escape */
    protected function _escapeString(string $str): string
    {
        return str_replace("'", "''", remove_invisible_characters($str, false));
    }

    /** * Insert ID */
    public function insertID(): int
    {
        return $this->query('SELECT SCOPE_IDENTITY() AS insert_id')->getRow()->insert_id ?? 0;
    }

    /** * Generates the SQL for listing tables in a platform-dependent manner. * * @param string|null $tableName If $tableName is provided will return only this table if exists. */

        return $this->escapeString($str, true);
    }

    /** * Platform independent string escape. * * Will likely be overridden in child classes. */
    protected function _escapeString(string $str): string
    {
        return str_replace("'", "''", remove_invisible_characters($str, false));
    }

    /** * This function enables you to call PHP database functions that are not natively included * in CodeIgniter, in a platform independent manner. * * @param array ...$params * * @throws DatabaseException */
    public function callFunction(string $functionName, ...$params): bool
    {

'%24',
            '%3f',
            '%3b',
            '%3d',
        ];

        if (! $relativePath) {
            $bad[] = './';
            $bad[] = '/';
        }

        $str = remove_invisible_characters($str, false);

        do {
            $old = $str;
            $str = str_replace($bad, '', $str);
        } while ($old !== $str);

        return stripslashes($str);
    }

    /** * Restore hash from Session or Cookie */