PDO::quote

PDO::quote — Add quotes to strings in SQL statements. (PHP 5 >= 5.1.0, PECL pdo >= 0.2.1)

illustrate

grammar

 public string PDO::quote ( string $string [, int $parameter_type = PDO::PARAM_STR ] )

PDO::quote() adds quotes or escapes special strings to strings in SQL statements.

parameter

string The string to add quotation marks to.

parameter_type provides the data type to the driver.

return value

Returns a quoted string that can theoretically be safely passed into an SQL statement and executed. Returns FALSE if the driver does not support it.

Example

Add quotes to normal strings

 <?php$conn = new PDO('sqlite:/home/lynn/music.sql3');/* Simple string */$string = 'Nice';print "Unquoted string: $stringn";print "Quoted string: " . $conn->quote($string) . "n";?>

The above output is:

 Unquoted string: NiceQuoted string: 'Nice'

Escape special strings

 <?php$conn = new PDO('sqlite:/home/lynn/music.sql3');/* Dangerous string */$string = 'Naughty ' string';print "Unquoted string: $stringn"; print "Quoted string:" . $conn->quote($string) . "n";?>

The above routine will output:

 Unquoted string: Naughty ' stringQuoted string: 'Naughty '' string'