PHP - Escape apostrophes using PDO


When inserting or updating data in a SQL database using PHP, single quotes or apostrophes can cause problems. For example, inserting or updating the text "I don't like mustard" would only update or insert "I don", because the apostrophe in "don't" would be interpreted as the end of the statement by SQL.

This problem can be resolved by using a PDO prepared statement.

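<?php
   // $con is an existing PDO connection.
   // Named placeholders keep the submitted values out of the SQL text.
   $sql = "UPDATE table_name
   SET column1 = :column1,
   column2 = :column2
   WHERE id = :id";

   $stmt = $con->prepare($sql);
   // Placeholder names and $_POST keys must match exactly (no trailing spaces).
   $stmt->bindParam(':column1', $_POST['column1'], PDO::PARAM_STR);
   $stmt->bindParam(':column2', $_POST['column2'], PDO::PARAM_STR);
   $stmt->bindParam(':id', $_POST['id'], PDO::PARAM_INT);
   $stmt->execute();
?>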

 

 



