how to process php vars before trying to execute query? e.g. i am trying to insert text with ",' but it query couldn't execute? what is the best way to solve this with PDO class?
many thanks
2
-
You should refine your question more. What do you mean that you want to insert text with ",". Is it means that you want to insert all values to 1 coulmns seperated by , or any thing elseAwais Qarni– Awais Qarni2011-04-01 11:39:02 +00:00Commented Apr 1, 2011 at 11:39
-
sorry for that. comma doesn't have any special meaning here. i want insert double and single quote characters.daniel.tosaba– daniel.tosaba2011-04-01 12:15:35 +00:00Commented Apr 1, 2011 at 12:15
Add a comment
|
4 Answers
1 Comment
daniel.tosaba
in my case this is a life savior
Take a look at both addslashes() and mysql_real_escape_string(). What's happening here is that a ' is a special character, meaning MySQL will treat it as part of it's syntax, instead of treating it as a string like you want. addslashes or mysql_real_escape_string will add a backslash \ before all single and double quotes (and others) to make them not part of the MySQL syntax.
Comments
You can use mysql_real_escape_string($string) to escape your incoming string so that ' and " will be escaped.
Comments
You should bind your PHP variables, not escape them.
$variable = "''''''''''''''''''";
$sth = $dbh->prepare('SELECT * FROM table WHERE column = ?');
$sth->execute(array($variable));
answered Apr 1, 2011 at 11:58
Your Common Sense
158k42 gold badges226 silver badges374 bronze badges