Reputation: 4330
I want to run the following query with a single quoted value.
INSERT INTO web_camp_keywords (web_id, keyword) VALUES (195, 'abc'hotels')
I just want to add the abc'hotels value. I used a backslash, but it did not work.
INSERT INTO web_camp_keywords (web_id, keyword) VALUES (195, 'abc\'hotels')
How can I resolve this?
Upvotes: 7
Views: 8159
Reputation: 18379
You can escape the single quote with another single quote.
INSERT INTO web_camp_keywords (web_id, keyword)
VALUES (195, 'abc''hotels')
But personally I think you should be using prepared statements with bind parameters.
Among other things, use of prepared statements with bind parameters is one of the easiest ways to help protect against SQL injection, the biggest source of security holes in web applications.
Upvotes: 8
Reputation: 4344
Like Chris Moutray and others mentioned, it would be best if you used PDO and prepared statements. Here is an example of how you could prepare a statement, provide the statement with values and then execute it. I left out the connection.
// $pdo is an already-connected PDO instance (connection code omitted)
$statement = $pdo->prepare("insert into web_camp_keywords (web_id, keyword) values (:id, :keyword)");
$statement->bindValue(':id', 195, PDO::PARAM_INT);
$statement->bindValue(':keyword', "abc'hotels");   // the quote needs no escaping: the driver sends the value separately
$statement->execute();
Upvotes: 2
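The two answers above make two separate points: doubling the quote (standard SQL) versus binding the value so no escaping is needed at all. The following added example (written for this page, not code from either answer) shows both against an in-memory SQLite table standing in for web_camp_keywords. SQLite follows the SQL standard, where a backslash is not an escape character, so the question's backslash attempt is a syntax error there; engines such as MySQL do treat backslash as an escape by default, so that part of the behaviour is engine-specific. The table name and the row values are the question's; the function names are this example's own.

```python
import sqlite3

# Constructed stand-in for the question's table; SQLite in-memory so it runs offline.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE web_camp_keywords (web_id INTEGER, keyword TEXT)")
    return conn

def insert_literal(conn, sql):
    """Run a hand-built INSERT; return ('ok', stored keyword) or ('error', message).

    This is the risky pattern: the value is part of the SQL text, so a quote
    inside it changes the statement's structure instead of its data.
    """
    try:
        conn.execute(sql)
        conn.commit()
        row = conn.execute(
            "SELECT keyword FROM web_camp_keywords ORDER BY rowid DESC LIMIT 1"
        ).fetchone()
        return ("ok", row[0])
    except sqlite3.Error as exc:
        return ("error", str(exc))

def quote_literal(value):
    """Standard-SQL escaping as in the first answer: double every single quote.

    Only for cases where binding is impossible (e.g. building DDL); a bound
    parameter is always preferable for data values.
    """
    return "'" + value.replace("'", "''") + "'"

def insert_bound(conn, web_id, keyword):
    """Parameterised insert (the PDO answer's approach, using sqlite3 placeholders).

    The SQL text never contains the value; the driver passes it separately,
    so quotes, backslashes or anything else in the keyword are stored verbatim.
    """
    conn.execute(
        "INSERT INTO web_camp_keywords (web_id, keyword) VALUES (?, ?)",
        (web_id, keyword),
    )
    conn.commit()
    return conn.execute(
        "SELECT keyword FROM web_camp_keywords WHERE web_id = ?", (web_id,)
    ).fetchone()[0]

def demo():
    """Run the question's three attempts plus the bound version; return the outcomes."""
    conn = make_db()
    results = {
        # The original query: the quote terminates the string early -> syntax error.
        "bare_quote": insert_literal(
            conn, "INSERT INTO web_camp_keywords (web_id, keyword) VALUES (195, 'abc'hotels')"
        ),
        # The backslash attempt: not an escape in standard SQL / SQLite -> syntax error.
        "backslash": insert_literal(
            conn, "INSERT INTO web_camp_keywords (web_id, keyword) VALUES (195, 'abc\\'hotels')"
        ),
        # Doubled quote, as the first answer suggests -> stored correctly.
        "doubled": insert_literal(
            conn,
            "INSERT INTO web_camp_keywords (web_id, keyword) VALUES (195, "
            + quote_literal("abc'hotels")
            + ")",
        ),
        # Bound parameter: no escaping in the SQL at all -> stored correctly.
        "bound": ("ok", insert_bound(conn, 196, "abc'hotels")),
    }
    conn.close()
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:10s} -> {outcome}")
```

The `quote_literal` helper is there to show what the first answer's `''` rule looks like when applied programmatically; in application code the bound form (`insert_bound`) is the one to use, because it removes the need to reason about which characters a given engine treats as escapes.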