PHP PDO apostrophe

Posted 2020-04-14 02:34

I have a problem executing a stored procedure (Firebird) from PHP:

$sqlSP="select record_created,record_updated from SP_IMPORT_CRM_SELECTIE (11, 'AC015612','".$tester."'..............

When $tester contains this symbol ' I have a problem.

How can I fix that?

2 answers
够拽才男人
#2 · 2020-04-14 03:11

Essentially, you need to escape the string before using it within a query.

The best way to do this is through the use of PDO prepared statements:

$sqlSP="select record_created,record_updated from SP_IMPORT_CRM_SELECTIE (11, 'AC015612',:tester)";
$ps=$dbhandle->prepare($sqlSP);
$ps->bindParam(':tester',$tester,PDO::PARAM_STR);
$ps->execute();

(assuming that $dbhandle is your PDO object)

狗以群分
#3 · 2020-04-14 03:29

Try binding the parameters; take a look at the prepare method.

PHP.net PDO::Prepare
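
The difference both answers point to, as an added example that is not part of the original posts: the same apostrophe-bearing values are inserted once by string concatenation and once through a bound parameter. It assumes the pdo_sqlite extension and uses an in-memory SQLite database as a stand-in for Firebird so it runs offline; the table `crm_import`, the helper function names and the sample values are constructed for illustration.

```php
<?php
// Added example. SQLite in memory stands in for the Firebird database;
// table name, helper names and sample values are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE crm_import (code TEXT, tester TEXT)");

// Concatenation, as in the question: an apostrophe inside $tester closes the
// SQL string literal early, so the statement text itself is changed.
function insertConcatenated(PDO $db, string $tester): string
{
    $sql = "INSERT INTO crm_import (code, tester) VALUES ('AC015612', '" . $tester . "')";
    try {
        $db->exec($sql);
        return 'ok';
    } catch (PDOException $e) {
        return 'failed: ' . $e->getMessage();
    }
}

// Bound parameter, as in the answers: the statement text is fixed and the
// value is passed separately, so its content cannot alter the SQL.
function insertPrepared(PDO $db, string $tester): string
{
    $ps = $db->prepare("INSERT INTO crm_import (code, tester) VALUES ('AC015612', :tester)");
    $ps->bindValue(':tester', $tester, PDO::PARAM_STR);
    $ps->execute();
    // Read the row back to confirm the value was stored byte for byte.
    $check = $db->prepare("SELECT COUNT(*) FROM crm_import WHERE tester = :tester");
    $check->bindValue(':tester', $tester, PDO::PARAM_STR);
    $check->execute();
    return ((int) $check->fetchColumn() > 0) ? 'ok, stored unchanged' : 'not found';
}

// Constructed sample values: plain, one apostrophe, apostrophe plus SQL text.
$samples = ["Smith", "O'Brien", "x'); DELETE FROM crm_import; --"];

foreach ($samples as $tester) {
    echo "value:        {$tester}\n";
    echo "concatenated: " . insertConcatenated($db, $tester) . "\n";
    echo "prepared:     " . insertPrepared($db, $tester) . "\n\n";
}

// Every row present was either a harmless concatenated insert or a bound one.
echo "rows in table: " . $db->query("SELECT COUNT(*) FROM crm_import")->fetchColumn() . "\n";
```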
