开发者

append quotes to a variable

开发者 https://www.devze.com 2023-01-04 09:49 出处:网络
I\'ve got a variable开发者_如何学运维 in a php function of mine which is passed into a SQL query. I\'m wondering how do I append \" and \" either side of it without actually turning it into a string?

I've got a variable开发者_如何学运维 in a php function of mine which is passed into a SQL query. I'm wondering how do I append " and " either side of it without actually turning it into a string?

Thanks.


If you can, you should really look into using prepared statements. In PHP both the mysqli and PDO libraries support them. This allows you to create placeholders in your queries and then bind values to them without having to manipulate the SQL text itself.

By doing this, you both save yourself hassle in terms of getting the SQL formatting right, and also protect yourself against accidental SQL injection holes by no longer having to remember to escape strings.


To answer your question:

$name  = "Peter";
$query = " SELECT * FROM table WHERE name LIKE '$name' ";

All previous comments/answers to your question are valid and should be taken into account. Always remember that prepared statements are good if you want to avoid SQL Injection related problems.

0

精彩评论

暂无评论...
验证码 换一张
取 消