PHP - Escape apostrophes using PDO
by
Jeremy Canfield |
Updated: March 11 2020
| PHP articles
When inserting or updating data in a SQL database using PHP, single quotes (apostrophes) in the data can cause problems. For example, inserting or updating the text I don't like mustard would only update or insert I don, because SQL would interpret the apostrophe in don't as the end of the quoted value rather than as part of the data.
This problem can be resolved by using a PDO prepared statement, which sends the SQL text and the values to the database separately, so the values are never parsed as SQL. The same mechanism is what turns user-supplied quotes into a SQL injection risk, so a prepared statement fixes both the broken update and the security hole.
<?php
// $con is assumed to be an existing PDO connection object, for example:
// $con = new PDO('mysql:host=localhost;dbname=example', $user, $pass);
$sql = "UPDATE table_name
        SET column1 = :column1,
            column2 = :column2
        WHERE id = :id";
// Prepare the statement first; the :name placeholders are filled in afterwards.
$stmt = $con->prepare($sql);
// Bind each submitted value to its placeholder. The values travel to the
// database separately from the SQL text, so an apostrophe in them is stored
// as data and never parsed as SQL.
$stmt->bindParam(':column1', $_POST['column1'], PDO::PARAM_STR);
$stmt->bindParam(':column2', $_POST['column2'], PDO::PARAM_STR);
$stmt->bindParam(':id', $_POST['id'], PDO::PARAM_INT);
$stmt->execute();
?>
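The following is an added, self-contained example (not code from the original article) that shows the failure the article describes and the prepared-statement fix side by side. It uses an in-memory SQLite database via PDO so it runs offline; the table, the starting row and the simulated form input are all constructed here, and bindValue() is used in place of bindParam() because the values come from a local array rather than from $_POST.

```php
<?php
// Added example, not from the original article. In-memory SQLite so it runs
// offline; the table and row values below are constructed for the demo.
$con = new PDO('sqlite::memory:');
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$con->exec("CREATE TABLE table_name (id INTEGER PRIMARY KEY, column1 TEXT, column2 TEXT)");
$con->exec("INSERT INTO table_name (id, column1, column2) VALUES (1, 'placeholder', 'placeholder')");

// Simulated form input (constructed); in a real request this would be $_POST.
$input = [
    'id'      => '1',
    'column1' => "I don't like mustard",
    'column2' => "Jeremy's note",
];

// 1. Building the SQL by string concatenation. The apostrophe in don't closes
//    the quoted value early and the remainder is parsed as SQL, so the
//    statement is rejected; with other input it could instead run SQL the
//    developer never wrote, which is the injection risk.
try {
    $con->exec("UPDATE table_name SET column1 = '" . $input['column1'] . "' WHERE id = " . $input['id']);
    echo "concatenated update succeeded (unexpected)\n";
} catch (PDOException $e) {
    echo "concatenated update failed: " . $e->getMessage() . "\n";
}

// 2. Prepared statement. The SQL text is compiled first, then the values are
//    bound, so the apostrophe is stored as data and never parsed as SQL.
$sql = "UPDATE table_name
        SET column1 = :column1,
            column2 = :column2
        WHERE id = :id";
$stmt = $con->prepare($sql);
$stmt->bindValue(':column1', $input['column1'], PDO::PARAM_STR);
$stmt->bindValue(':column2', $input['column2'], PDO::PARAM_STR);
$stmt->bindValue(':id', (int) $input['id'], PDO::PARAM_INT);
$stmt->execute();

// Read the row back to confirm both apostrophes survived intact.
$row = $con->query("SELECT column1, column2 FROM table_name WHERE id = 1")
           ->fetch(PDO::FETCH_ASSOC);
var_dump($row['column1'] === "I don't like mustard");
var_dump($row['column2'] === "Jeremy's note");
?>
```

Run it with `php example.php`: the concatenated UPDATE reports a syntax error from SQLite, while the prepared UPDATE succeeds and both comparisons at the end are true. Setting PDO::ERRMODE_EXCEPTION is what makes the first failure visible; with the default silent mode the broken query would simply do nothing, which is how this class of bug often goes unnoticed.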