Remove Sanitize::escape()

It is in the entirely wrong place and just a a bad idea.

lib/Cake/Test/TestCase/Utility/SanitizeTest.php

@@ -88,37 +88,6 @@ class SanitizeTest extends TestCase {
  */
 	public $fixtures = array('core.data_test', 'core.article');
 
-/**
- * testEscapeAlphaNumeric method
- *
- * @return void
- */
-	public function testEscapeAlphaNumeric() {
-		$resultAlpha = Sanitize::escape('abc', 'test');
-		$this->assertEquals('abc', $resultAlpha);
-
-		$resultNumeric = Sanitize::escape('123', 'test');
-		$this->assertEquals('123', $resultNumeric);
-
-		$resultNumeric = Sanitize::escape(1234, 'test');
-		$this->assertEquals(1234, $resultNumeric);
-
-		$resultNumeric = Sanitize::escape(1234.23, 'test');
-		$this->assertEquals(1234.23, $resultNumeric);
-
-		$resultNumeric = Sanitize::escape('#1234.23', 'test');
-		$this->assertEquals('#1234.23', $resultNumeric);
-
-		$resultNull = Sanitize::escape(null, 'test');
-		$this->assertEquals(null, $resultNull);
-
-		$resultNull = Sanitize::escape(false, 'test');
-		$this->assertEquals(false, $resultNull);
-
-		$resultNull = Sanitize::escape(true, 'test');
-		$this->assertEquals(true, $resultNull);
-	}
-
 /**
  * testClean method
  *
@@ -131,7 +100,7 @@ public function testClean() {
 		$this->assertEquals($expected, $result);
 
 		$string = 'test & "quote" \'other\' ;.$ symbol.' . "\r" . 'another line';
-		$expected = 'test & ' . Sanitize::escape('"quote"', 'test') . ' ' . Sanitize::escape('\'other\'', 'test') . ' ;.$ symbol.another line';
+		$expected = 'test & "quote" \'other\' ;.$ symbol.another line';
 		$result = Sanitize::clean($string, array('encode' => false, 'connection' => 'test'));
 		$this->assertEquals($expected, $result);
 

lib/Cake/Utility/Sanitize.php

@@ -61,27 +61,6 @@ public static function paranoid($string, $allowed = array()) {
 		return $cleaned;
 	}
 
-/**
- * Makes a string SQL-safe.
- *
- * @param string $string String to sanitize
- * @param string $connection Database connection being used
- * @return string SQL safe string
- */
-	public static function escape($string, $connection = 'default') {
-		$db = ConnectionManager::getDataSource($connection);
-		if (is_numeric($string) || $string === null || is_bool($string)) {
-			return $string;
-		}
-		$string = $db->value($string, 'string');
-		$start = 1;
-		if ($string{0} === 'N') {
-			$start = 2;
-		}
-
-		return substr(substr($string, $start), 0, -1);
-	}
-
 /**
  * Returns given string safe for display as HTML. Renders entities.
  *
@@ -210,13 +189,13 @@ public static function stripTags($str) {
  * - dollar - Escape `$` with `\$`
  * - carriage - Remove `\r`
  * - unicode -
- * - escape - Should the string be SQL escaped.
  * - backslash -
  * - remove_html - Strip HTML with strip_tags. `encode` must be true for this option to work.
  *
  * @param string|array $data Data to sanitize
  * @param string|array $options If string, DB connection being used, otherwise set of options
  * @return mixed Sanitized data
+ * @deprecated This method will be removed.
  */
 	public static function clean($data, $options = array()) {
 		if (empty($data)) {
@@ -235,7 +214,6 @@ public static function clean($data, $options = array()) {
 			'dollar' => true,
 			'carriage' => true,
 			'unicode' => true,
-			'escape' => true,
 			'backslash' => true
 		), $options);
 
@@ -261,9 +239,6 @@ public static function clean($data, $options = array()) {
 		if ($options['unicode']) {
 			$data = preg_replace("/&#([0-9]+);/s", "&#\\1;", $data);
 		}
-		if ($options['escape']) {
-			$data = Sanitize::escape($data, $options['connection']);
-		}
 		if ($options['backslash']) {
 			$data = preg_replace("/\\\(?!&#|\?#)/", "\\", $data);
 		}