Reputation: 11
Here's what i got when i try to quote a string
$string = "Because I'm happy";
$quoted = DB::connection()->getPdo()->quote($string)
// Return 'Because I\'m happy' instead of 'Because I''m happy'
Why ?... Please tell me !
My database connexion is
'connections' => array(
'mysql' => array(
'driver' => 'mysql',
'host' => 'localhost',
'database' => 'mytable',
'username' => 'root',
'password' => '',
'charset' => 'utf8',
'collation' => 'utf8_unicode_ci',
'prefix' => '',
),
Upvotes: 1
Views: 6830
Reputation: 822
The reason you get a \' instead of a '' for the escaping is that you are using a different database: mysql vs sqlite in the examples in the manual.
The escaping is provided by the database driver.
So, in sqlite, the correct way is to double the quotes: https://www.sqlite.org/faq.html#q14
But in mysql, it's a backslash: http://dev.mysql.com/doc/refman/5.7/en/string-literals.html
And the relevant PDO database driver does the correct thing for the database you are using. Except (as noted in the manual) on databases where the quote() method isn't implemented. The best way is prepared statements, which mean you don't need to deal with escaping at all for values.
Upvotes: 3
Reputation: 111839
This is because you run quote
method from PDO
class on a string.
IF you look at PHP manual you see it puts single quotes at the beginning and at at the end of string, so it needs to escape all other single quotes inside a string.
Upvotes: 0