Welcome to the Treehouse Community
Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.
Looking to learn something new?
Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.
Start your free trial
KnowledgeWoods Consulting
5,607 PointsIgnore single quotes stored in a PHP variable
$sql="INSERT INTO tablename(notes) VALUES('$val')";
And the value of $val contains single quotes like Mary's Grade. That's the reason it is not getting stored in the database. How can i ignore single quotes in php variable?
2 Answers
Andrew Shook
31,709 PointsTry removing the single quotes wrapping $val in the actual SQL statement.
Hugo Paz
15,622 PointsYou need to escape it. There are actually a few ways to do it. Check here http://dev.mysql.com/doc/refman/5.0/en/string-literals.html
KnowledgeWoods Consulting
5,607 PointsPlease explain with example. How can i escape it in a variable as it changes every time in my application?
KnowledgeWoods Consulting
5,607 PointsI have a little problem when i bind the value for updating the row. My code is below:
$val="here is a quote's and another's hello ";
echo $val;
$db = new PDO("sqlsrv:server=(local);Database=testdb","root","****");
$ps = $db->prepare("UPDATE notes_store SET notes=:placeholder WHERE firstname='sameer' AND course_name='tiff' AND module_name='test' IF @@ROWCOUNT=0 INSERT INTO notes_store(firstname,notes) VALUES('sameer',:placeholder)");
$ps->bindValue(":placeholder", "$val");
$ps->execute();
KnowledgeWoods Consulting
5,607 PointsKnowledgeWoods Consulting
5,607 PointsNo its not working...I need something which can escape single quotes inside a variable. I am using PDO connection with MS SQL database.
Andrew Shook
31,709 PointsAndrew Shook
31,709 PointsAre you trying to escape a single quote as in " it's " ?
KnowledgeWoods Consulting
5,607 PointsKnowledgeWoods Consulting
5,607 PointsYes
Andrew Shook
31,709 PointsAndrew Shook
31,709 PointsOh then Hugo Paz 's answer will help you out.
KnowledgeWoods Consulting
5,607 PointsKnowledgeWoods Consulting
5,607 PointsI read something about PDO quote....Is this something which can be of help?
Hugo Paz
15,622 PointsHugo Paz
15,622 PointsYes you can use PDO::quote. There are a few good example here http://php.net/manual/en/pdo.quote.php
KnowledgeWoods Consulting
5,607 PointsKnowledgeWoods Consulting
5,607 PointsActually i don't want ' to be converted to ' ' What i want is that ' just gets ignored while inserting it to the database. Example it i want to insert something like "Mary's Grade" in the DB it gets stored as it is.
Hugo Paz
15,622 PointsHugo Paz
15,622 PointsTry this.
This will insert single quotes on the database.
KnowledgeWoods Consulting
5,607 PointsKnowledgeWoods Consulting
5,607 PointsWhat is $var here?
Hugo Paz
15,622 PointsHugo Paz
15,622 PointsShould be $val, its the value you want to insert in the database.
KnowledgeWoods Consulting
5,607 PointsKnowledgeWoods Consulting
5,607 PointsSo what is :yourValue ?
Hugo Paz
15,622 PointsHugo Paz
15,622 Points:yourValue is a placeholder for the prepared statement.
You give the placeholder a name, like :placeholder and then you bind the value you want to that placeholder through $ps->bindValue(":yourValue", $var);
KnowledgeWoods Consulting
5,607 PointsKnowledgeWoods Consulting
5,607 Points$val="here is a quote's and another's ";
Its not inserting it.
Hugo Paz
15,622 PointsHugo Paz
15,622 PointsCan you post all your php code that deals with database please?
KnowledgeWoods Consulting
5,607 PointsKnowledgeWoods Consulting
5,607 PointsIts inserted now....Thanks....!!!
I used "$val" instead of '$val' and it worked.