Johnny000
Reputation: 2104
PDO escape & in query
I'm using PDO for my querys and try to escape some '&' since they make the request invalid. I already tried with mysql_real_escape_string and pdo quote... both didn't escaped the '&'. My values are for example "James & Jack".
As Connector:
$this->connect = new PDO("mysql:host=$db_host;dbname=$db_name;", $db_user, $db_pass,array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8"));
As Query:
function check_exist($query,$parameter)
{
try
{
$this->connect->prepare($query);
$this->connect->bindParam(':parameter', $parameter, PDO::PARAM_STR);
$this->connect->execute();
return $this->connect->fetchColumn();
unset ($query);
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
Finaly the Call to action
$db = new database;
$db->connect('framework','localhost','root','');
$result = $db->check_exist('SELECT COUNT(*) FROM cat_merge WHERE cat=:parameter',$cat);
Upvotes: 1
Views: 351
Answers (1)
Unobtainium'
Reputation: 157
Try using prepared statements this way:
<?php
// Connect to the database
$db = new PDO('mysql:host=127.0.0.1;dbname=DB_NAME_HERE', 'username', 'password');
// Don't emulate prepared statements, use the real ones
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
// Prepare the query
$query = $db->prepare('SELECT * FROM foo WHERE id = ?');
// Execute the query
$query->execute($_GET['id']);
// Get the result as an associative array
$result = $query->fetchAll(PDO::FETCH_ASSOC);
// Output the result
print_r($result);
?>
Upvotes: 3
Related Questions
- Escape a pdo query, is that necessary?
- Select pdo cant find the symbol like & '
- Escaping & (ampersand) in SOQL
- How to escape multiple quotes in the query?
- SQL separate / single variable escape with PDO
- "&" And "And" In A Prepared Statement Failing
- Switching from MySQL_query to PDO causes unwanted escaping
- Mysql escape % and _ for PHP PDO
- inserting ampersand (&) in mysql with PDO php?
- mysql_real_escape_string() to allow ' and "