user1756365

Reputation: 135

PHP PDO apostrophe

I have a problem executing a stored procedure (Firebird) from PHP:

$sqlSP="select record_created,record_updated from SP_IMPORT_CRM_SELECTIE (11, 'AC015612','".$tester."'..............

When $tester contains this symbol ' I have a problem.

How can I fix that?

Upvotes: 2

Views: 2262

Answers (2)

Bradley Weston

Reputation: 425

Try binding the parameters; take a look at the prepare method.

PHP.net PDO::Prepare

Upvotes: 0

DaveyBoy

Reputation: 2915

Essentially, you need to escape the string before using it within a query.

The best way to do this is through the use of PDO prepared statements:

$sqlSP="select record_created,record_updated from SP_IMPORT_CRM_SELECTIE (11, 'AC015612',:tester)";
$ps=$dbhandle->prepare($sqlSP);
$ps->bindParam(':tester',$tester,PDO::PARAM_STR);
$ps->execute();

(assuming that $dbhandle is your PDO object)

Upvotes: 11
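
The difference between the question's concatenated query and the bound parameter in the answer above, as an added example that is not part of the original posts. It assumes the pdo_sqlite extension and uses a constructed in-memory SQLite table (crm_import) as a stand-in for the Firebird procedure SP_IMPORT_CRM_SELECTIE; the function names are hypothetical.

```php
<?php
// Added example: SQLite in-memory stands in for Firebird so this runs offline.
// The table crm_import and its rows are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE crm_import (code TEXT, name TEXT, record_created INTEGER, record_updated INTEGER)");
$db->exec("INSERT INTO crm_import VALUES ('AC015612', 'O''Brien', 1, 0)");
$db->exec("INSERT INTO crm_import VALUES ('AC015612', 'Smith', 0, 1)");

// Concatenated form, as in the question: the value becomes part of the SQL text,
// so an apostrophe inside it ends the string literal early.
function lookupConcatenated(PDO $db, string $tester): array
{
    $sql = "SELECT name FROM crm_import WHERE code = 'AC015612' AND name = '" . $tester . "'";
    try {
        return ['ok' => true, 'rows' => $db->query($sql)->fetchAll(PDO::FETCH_COLUMN)];
    } catch (PDOException $e) {
        return ['ok' => false, 'error' => $e->getMessage()];
    }
}

// Bound form, as in the answer: the SQL text is fixed and the value is passed
// separately, so its content is never parsed as SQL.
function lookupBound(PDO $db, string $tester): array
{
    $ps = $db->prepare("SELECT name FROM crm_import WHERE code = 'AC015612' AND name = :tester");
    $ps->bindParam(':tester', $tester, PDO::PARAM_STR);
    $ps->execute();
    return ['ok' => true, 'rows' => $ps->fetchAll(PDO::FETCH_COLUMN)];
}

// Constructed inputs: a plain name, a stored name with an apostrophe,
// and a name with two apostrophes that matches no row.
foreach (["Smith", "O'Brien", "D'Arcy's"] as $tester) {
    $c = lookupConcatenated($db, $tester);
    $b = lookupBound($db, $tester);
    printf("%-10s concatenated: %-12s bound: %s\n",
        $tester,
        $c['ok'] ? json_encode($c['rows']) : 'SQL error',
        json_encode($b['rows']));
}
```

Only the plain name survives concatenation; the bound form handles all three values and returns the stored O'Brien row unchanged.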
