I have some text fields in the oracle table, which 开发者_JAVA百科have double quotes. How to escape them in a select query, so that I can use it in PHP?
Odds are, if you are trying to do this you are dealing with a SQL Injection vulnerability. Please Google this and think about what you're doing.
You should be able to do a
SELECT REPLACE(your_column, '"', '\"') AS your_escaped_column
FROM your_table;
Have you tried: "\""
Well... you'd select them out just like you would any other field. It's when you are putting things in to the database where you need to escape them.
That has different mechanisms depending on what database abstraction layer or driver you're using.
For drivers, I recommend PDO. That way, it doesn't matter which database you're using, escaping a field for input is always going to be something like this:
// Assuming that $dbh is a valid PDO object, like this one:
// $dbh = new PDO('oci:dbname=//hostname:1521/scott', 'scott', 'tiger');
// That's 'oci:dbname=//hostname:port-number/database', username, password
$sql = "SELECT * FROM myTable WHERE name = ':myName'";
$sth = $dbh->prepare($sql, array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY));
$sth->execute(array(':myName' => "Ed O'Neil"));
精彩评论