downloads | documentation | faq | getting help | mailing lists | licenses | wiki | reporting bugs | php.net sites | links | conferences | my php.net

search for in the

Our source is open

The syntax highlighted source is automatically generated by PHP from the plaintext script. If you're interested in what's behind the several functions we used, you can always take a look at the source of the following files:

Of course, if you want to see the source of this page, we have it available. You can also browse the SVN repository for this website on svn.php.net.

Source of: /manual/en/pdo.quote.php

<?php
include_once $_SERVER['DOCUMENT_ROOT'] . '/include/shared-manual.inc';
$TOC = array();
$PARENTS = array();
include_once dirname(__FILE__) ."/toc/class.pdo.inc";
$setup = array (
  'home' =>
  array (
    0 => 'index.php',
    1 => 'PHP Manual',
  ),
  'head' =>
  array (
    0 => 'UTF-8',
    1 => 'en',
  ),
  'this' =>
  array (
    0 => 'pdo.quote.php',
    1 => 'PDO::quote',
  ),
  'up' =>
  array (
    0 => 'class.pdo.php',
    1 => 'The PDO class',
  ),
  'prev' =>
  array (
    0 => 'pdo.query.php',
    1 => 'PDO::query',
  ),
  'next' =>
  array (
    0 => 'pdo.rollback.php',
    1 => 'PDO::rollBack',
  ),
);
$setup["toc"] = $TOC;
$setup["parents"] = $PARENTS;
manual_setup($setup);

manual_header();
?>
<div id="pdo.quote" class="refentry">
 <div class="refnamediv">
  <h1 class="refname">PDO::quote</h1>
  <p class="verinfo">(PHP 5 &gt;= 5.1.0, PECL pdo &gt;= 0.2.1)</p><p class="refpurpose"><span class="refname">PDO::quote</span> &mdash; <span class="dc-title">
   Quotes a string for use in a query.
  </span></p>

 </div>
 <a name="pdo.quote.description"></a><div class="refsect1 description">
  <h3 class="title">Description</h3>
  <div class="methodsynopsis dc-description">
   <span class="type">string</span> <span class="methodname"><b>PDO::quote</b></span>
    ( <span class="methodparam"><span class="type">string</span> <tt class="parameter">$string</tt></span>
   [, <span class="methodparam"><span class="type">int</span> <tt class="parameter">$parameter_type</tt><span class="initializer"> = PDO::PARAM_STR</span></span>
  ] )</div>


  <p class="para rdfs-comment">
   <b>PDO::quote()</b> places quotes around the input string (if
   required) and escapes special characters within the input string, using a
   quoting style appropriate to the underlying driver.
  </p>
  <p class="para">
   If you are using this function to build SQL statements, you are
   <em class="emphasis">strongly</em> recommended to use
   <a href="pdo.prepare.php" class="function">PDO::prepare()</a> to prepare SQL statements with bound
   parameters instead of using <b>PDO::quote()</b> to interpolate
   user input into a SQL statement.  Prepared statements with bound parameters
   are not only more portable, more convenient, immune to SQL injection, but
   are often much faster to execute than interpolated queries, as both the
   server and client side can cache a compiled form of the query.
  </p>
  <p class="para">
   Not all PDO drivers implement this method (notably PDO_ODBC).  Consider
   using prepared statements instead.
  </p>
 </div>

 <a name="pdo.quote.parameters"></a><div class="refsect1 parameters">
  <h3 class="title">Parameters</h3>
  <p class="para">
   </p><dl>

    <dt class="varlistentry">

     <span class="term"><i><tt class="parameter">string</tt></i>
</span>

      </dt><dd class="listitem">

       <p class="para">
        The string to be quoted.
       </p>
      </dd>

    
    <dt class="varlistentry">

     <span class="term"><i><tt class="parameter">parameter_type</tt></i>
</span>

      </dt><dd class="listitem">

       <p class="para">
        Provides a data type hint for drivers that have alternate quoting styles.
        The default value is <b><tt class="constant">PDO::PARAM_STR</tt></b>.
       </p>
      </dd>

    
   </dl>
<p>
  </p>
 </div>

 <a name="pdo.quote.returnvalues"></a><div class="refsect1 returnvalues">
  <h3 class="title">Return Values</h3>
  <p class="para">
   Returns a quoted string that is theoretically safe to pass into an
   SQL statement.  Returns <b><tt class="constant">FALSE</tt></b> if the driver does not support quoting in
   this way.
  </p>
 </div>


 

 <a name="pdo.quote.examples"></a><div class="refsect1 examples">
  <h3 class="title">Examples</h3>
  <p class="para">
   </p><div class="example">
    <p><b>Example #1 Quoting a normal string</b></p>
    <div class="example-contents programlisting">
<div class="phpcode"><code><span style="color: #000000">
<span style="color: #0000BB">&lt;?php<br />$conn&nbsp;</span><span style="color: #007700">=&nbsp;new&nbsp;</span><span style="color: #0000BB">PDO</span><span style="color: #007700">(</span><span style="color: #DD0000">'sqlite:/home/lynn/music.sql3'</span><span style="color: #007700">);<br /><br /></span><span style="color: #FF8000">/*&nbsp;Simple&nbsp;string&nbsp;*/<br /></span><span style="color: #0000BB">$string&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #DD0000">'Nice'</span><span style="color: #007700">;<br />print&nbsp;</span><span style="color: #DD0000">"Unquoted&nbsp;string:&nbsp;</span><span style="color: #0000BB">$string</span><span style="color: #DD0000">\n"</span><span style="color: #007700">;<br />print&nbsp;</span><span style="color: #DD0000">"Quoted&nbsp;string:&nbsp;"&nbsp;</span><span style="color: #007700">.&nbsp;</span><span style="color: #0000BB">$conn</span><span style="color: #007700">-&gt;</span><span style="color: #0000BB">quote</span><span style="color: #007700">(</span><span style="color: #0000BB">$string</span><span style="color: #007700">)&nbsp;.&nbsp;</span><span style="color: #DD0000">"\n"</span><span style="color: #007700">;<br /></span><span style="color: #0000BB">?&gt;</span>
</span>
</code></div>
    </div>

    <div class="example-contents para"><p>The above example will output:</p></div>
    <div class="example-contents screen">
<div class="cdata"><pre>
Unquoted string: Nice
Quoted string: &#039;Nice&#039;
</pre></div>
    </div>
   </div><p>
   </p><div class="example">
    <p><b>Example #2 Quoting a dangerous string</b></p>
    <div class="example-contents programlisting">
<div class="phpcode"><code><span style="color: #000000">
<span style="color: #0000BB">&lt;?php<br />$conn&nbsp;</span><span style="color: #007700">=&nbsp;new&nbsp;</span><span style="color: #0000BB">PDO</span><span style="color: #007700">(</span><span style="color: #DD0000">'sqlite:/home/lynn/music.sql3'</span><span style="color: #007700">);<br /><br /></span><span style="color: #FF8000">/*&nbsp;Dangerous&nbsp;string&nbsp;*/<br /></span><span style="color: #0000BB">$string&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #DD0000">'Naughty&nbsp;\'&nbsp;string'</span><span style="color: #007700">;<br />print&nbsp;</span><span style="color: #DD0000">"Unquoted&nbsp;string:&nbsp;</span><span style="color: #0000BB">$string</span><span style="color: #DD0000">\n"</span><span style="color: #007700">;<br />print&nbsp;</span><span style="color: #DD0000">"Quoted&nbsp;string:"&nbsp;</span><span style="color: #007700">.&nbsp;</span><span style="color: #0000BB">$conn</span><span style="color: #007700">-&gt;</span><span style="color: #0000BB">quote</span><span style="color: #007700">(</span><span style="color: #0000BB">$string</span><span style="color: #007700">)&nbsp;.&nbsp;</span><span style="color: #DD0000">"\n"</span><span style="color: #007700">;<br /></span><span style="color: #0000BB">?&gt;</span>
</span>
</code></div>
    </div>

    <div class="example-contents para"><p>The above example will output:</p></div>
    <div class="example-contents screen">
<div class="cdata"><pre>
Unquoted string: Naughty &#039; string
Quoted string: &#039;Naughty &#039;&#039; string&#039;
</pre></div>
    </div>
   </div><p>
   </p><div class="example">
    <p><b>Example #3 Quoting a complex string</b></p>
    <div class="example-contents programlisting">
<div class="phpcode"><code><span style="color: #000000">
<span style="color: #0000BB">&lt;?php<br />$conn&nbsp;</span><span style="color: #007700">=&nbsp;new&nbsp;</span><span style="color: #0000BB">PDO</span><span style="color: #007700">(</span><span style="color: #DD0000">'sqlite:/home/lynn/music.sql3'</span><span style="color: #007700">);<br /><br /></span><span style="color: #FF8000">/*&nbsp;Complex&nbsp;string&nbsp;*/<br /></span><span style="color: #0000BB">$string&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #DD0000">"Co'mpl''ex&nbsp;\"st'\"ring"</span><span style="color: #007700">;<br />print&nbsp;</span><span style="color: #DD0000">"Unquoted&nbsp;string:&nbsp;</span><span style="color: #0000BB">$string</span><span style="color: #DD0000">\n"</span><span style="color: #007700">;<br />print&nbsp;</span><span style="color: #DD0000">"Quoted&nbsp;string:&nbsp;"&nbsp;</span><span style="color: #007700">.&nbsp;</span><span style="color: #0000BB">$conn</span><span style="color: #007700">-&gt;</span><span style="color: #0000BB">quote</span><span style="color: #007700">(</span><span style="color: #0000BB">$string</span><span style="color: #007700">)&nbsp;.&nbsp;</span><span style="color: #DD0000">"\n"</span><span style="color: #007700">;<br /></span><span style="color: #0000BB">?&gt;</span>
</span>
</code></div>
    </div>

    <div class="example-contents para"><p>The above example will output:</p></div>
    <div class="example-contents screen">
<div class="cdata"><pre>
Unquoted string: Co&#039;mpl&#039;&#039;ex &quot;st&#039;&quot;ring
Quoted string: &#039;Co&#039;&#039;mpl&#039;&#039;&#039;&#039;ex &quot;st&#039;&#039;&quot;ring&#039;
</pre></div>
    </div>
   </div><p>
  </p>
 </div>


 <a name="pdo.quote.seealso"></a><div class="refsect1 seealso">
  <h3 class="title">See Also</h3>
  <p class="para">
   </p><ul class="simplelist">
    <li class="member"><a href="pdo.prepare.php" class="function" rel="rdfs-seeAlso">PDO::prepare()</a> - Prepares a statement for execution and returns a statement object</li>
    <li class="member"><a href="pdostatement.execute.php" class="function" rel="rdfs-seeAlso">PDOStatement::execute()</a> - Executes a prepared statement</li>
   </ul><p>
  </p>
 </div>


</div><?php manual_footer(); ?>
 
show source | credits | sitemap | contact | advertising | mirror sites