Question
I have a problem executing a stored procedure (Firebird) from PHP:
$sqlSP="select record_created,record_updated from SP_IMPORT_CRM_SELECTIE (11, 'AC015612','".$tester."'..............
When $tester contains this symbol ' I have a problem.
How can I fix that?
Answer 1:
Essentially, you need to escape the string before using it within a query.
The best way to do this is through the use of PDO prepared statements:
$sqlSP="select record_created,record_updated from SP_IMPORT_CRM_SELECTIE (11, 'AC015612',:tester)";
$ps=$dbhandle->prepare($sqlSP);
$ps->bindParam(':tester',$tester,PDO::PARAM_STR);
$ps->execute();
(assuming that $dbhandle is your PDO object)
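The difference between the question's concatenated query and the bound parameter shown above, as an added example that is not part of the original answer. It assumes the pdo_sqlite extension and uses an in-memory SQLite database as a stand-in for Firebird; the table crm_import, its columns and both function names are hypothetical.

```php
<?php
// Added example: SQLite in-memory stands in for Firebird so this runs offline.
// Table "crm_import" and its columns are hypothetical, not from the question.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE crm_import (code TEXT, name TEXT)");

// Insert with bound parameters: the apostrophe is stored as plain data.
$ins = $db->prepare("INSERT INTO crm_import (code, name) VALUES (:code, :name)");
$ins->execute([':code' => 'AC015612', ':name' => "O'Brien"]);

$tester = "O'Brien"; // constructed sample value containing an apostrophe

// 1) String concatenation, as in the question: the apostrophe ends the SQL
//    literal early, so the driver receives a malformed statement.
function lookupConcatenated(PDO $db, string $tester): string
{
    $sql = "SELECT code FROM crm_import WHERE name = '" . $tester . "'";
    try {
        $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
        return $row ? $row['code'] : 'no row';
    } catch (PDOException $e) {
        return 'query failed: ' . $e->getMessage();
    }
}

// 2) Prepared statement: the SQL text is fixed and the value travels
//    separately, so no character in $tester can change the statement.
function lookupBound(PDO $db, string $tester): string
{
    $ps = $db->prepare("SELECT code FROM crm_import WHERE name = :tester");
    $ps->bindValue(':tester', $tester, PDO::PARAM_STR);
    $ps->execute();
    $row = $ps->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['code'] : 'no row';
}

echo "concatenated: ", lookupConcatenated($db, $tester), PHP_EOL;
echo "bound:        ", lookupBound($db, $tester), PHP_EOL;
```

The concatenated lookup reports a failed query, while the bound lookup returns the stored code for the same input.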
Answer 2:
Try binding the parameters; take a look at the prepare method.
PHP.net PDO::Prepare
Source: https://stackoverflow.com/questions/20329757/php-pdo-apostrophe