PDO :: quote
PDO :: quote - quotation marks in the SQL statement string. (PHP 5> = 5.1.0, PECL pdo> = 0.2.1)
Explanation
grammar
public string PDO::quote ( string $string [, int $parameter_type = PDO::PARAM_STR ] )
PDO :: quote () quotation marks or escape the special string in the SQL statement string.
parameter
string
Quoted string to be added.
parameter_type
Provides data type for the driver.
return value
Returns a quoted string, in theory, can be safely transferred to the SQL statement and executed. If the driver does not support the return FALSE.
Examples
Adding quotation marks as an ordinary string
<?php $conn = new PDO('sqlite:/home/lynn/music.sql3'); /* Simple string */ $string = 'Nice'; print "Unquoted string: $string\n"; print "Quoted string: " . $conn->quote($string) . "\n"; ?>
Above output is:
Unquoted string: Nice Quoted string: 'Nice'
Escape special string
<?php $conn = new PDO('sqlite:/home/lynn/music.sql3'); /* Dangerous string */ $string = 'Naughty \' string'; print "Unquoted string: $string\n"; print "Quoted string:" . $conn->quote($string) . "\n"; ?>
The above example will output:
Unquoted string: Naughty ' string Quoted string: 'Naughty '' string'