Reputation: 44842
I've got a variable in a PHP function of mine which is passed into a SQL query. I'm wondering how do I append " and " either side of it without actually turning it into a string?
Thanks.
Upvotes: 0
Views: 103
Reputation: 6637
To answer your question:
```php
$name = "Peter";
$query = " SELECT * FROM table WHERE name LIKE '$name' ";
```
All previous comments/answers to your question are valid and should be taken into account. Always remember that prepared statements are good if you want to avoid SQL Injection related problems.
Upvotes: 2
Reputation: 526503
If you can, you should really look into using prepared statements. In PHP both the mysqli and PDO libraries support them. This allows you to create placeholders in your queries and then bind values to them without having to manipulate the SQL text itself.
By doing this, you both save yourself hassle in terms of getting the SQL formatting right, and also protect yourself against accidental SQL injection holes by no longer having to remember to escape strings.
Upvotes: 3
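An added example, not part of either answer above: the quoted-interpolation form next to a PDO prepared statement, run against the same inputs. The `people` table, its rows, the function names and the input values are constructed for illustration, and an in-memory SQLite database (assumes the `pdo_sqlite` extension) is used so it runs offline.

```php
<?php
// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE people (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO people (name) VALUES ('Peter'), ('O''Brien'), ('Alice')");

// Interpolated form: the value is pasted into the SQL text, so any quote
// character inside it is parsed as SQL syntax rather than as data.
function findInterpolated(PDO $pdo, string $name): array
{
    try {
        $sql = "SELECT name FROM people WHERE name LIKE '$name'";
        return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
    } catch (PDOException $e) {
        return ['SQL error: ' . $e->getMessage()];
    }
}

// Prepared form: the SQL text is fixed and contains only a placeholder.
// The value is bound separately, so no quoting or escaping is written by hand.
function findPrepared(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT name FROM people WHERE name LIKE :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a plain value, a value containing a quote, and a
// value whose quotes would rewrite the WHERE clause if interpolated.
$inputs = ["Peter", "O'Brien", "x' OR '1'='1"];

foreach ($inputs as $input) {
    printf("%-14s interpolated: %s\n", $input, json_encode(findInterpolated($pdo, $input)));
    printf("%-14s prepared:     %s\n", $input, json_encode(findPrepared($pdo, $input)));
}
```

With mysqli the same pattern uses `prepare()`, `bind_param()` and `execute()` with `?` placeholders.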