Name
quote( )
Synopsis
$database_handle->quote(string)
Use this to escape special characters contained in a given string. It’s useful in SQL statements, particularly for unknown user input that might contain metacharacters that would cause undesirable behavior by MySQL.
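...
my $comment = "Henry James' book \"The Muse\" is wonderful!";
# quote() escapes metacharacters and wraps the value in quotation marks,
# so the result is interpolated into the SQL text. Binding it to a
# placeholder as well would store the added quotation marks as data.
my $quoted_comment = $dbh->quote($comment);
my $sql_stmnt = "UPDATE books SET comment = $quoted_comment";
my $sth = $dbh->prepare($sql_stmnt);
$sth->execute();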
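The difference between interpolating a quote()-escaped value and binding a placeholder, as an added example that is not from the book. It assumes DBD::SQLite is installed and uses an in-memory SQLite database with a hypothetical books table in place of MySQL.

```perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is installed; its in-memory database stands in
# for MySQL so the script runs offline. The table layout is hypothetical.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
                       { RaiseError => 1, PrintError => 0 });
$dbh->do("CREATE TABLE books (id INTEGER PRIMARY KEY, comment TEXT)");
$dbh->do("INSERT INTO books (id) VALUES (?)", undef, $_) for 1 .. 4;

# Constructed sample input containing both kinds of quotation mark.
my $input = "Henry James' book \"The Muse\" is wonderful!";

# quote() returns a complete SQL literal: metacharacters escaped and the
# whole value wrapped in quotation marks.
my $quoted = $dbh->quote($input);

# 1. quote() with interpolation: the literal becomes part of the SQL text.
$dbh->do("UPDATE books SET comment = $quoted WHERE id = 1");

# 2. Placeholder alone: the driver handles the raw value, no quote() needed.
$dbh->do("UPDATE books SET comment = ? WHERE id = 2", undef, $input);

# 3. Both together: the already-quoted literal is stored as data, so the
#    row keeps the added quotation marks and escape characters.
$dbh->do("UPDATE books SET comment = ? WHERE id = 3", undef, $quoted);

# 4. undef is rendered as the bare keyword NULL, not as a quoted string.
my $null = $dbh->quote(undef);
$dbh->do("UPDATE books SET comment = $null WHERE id = 4");

# Compare what each row holds against the original input.
my $rows = $dbh->selectall_arrayref(
    "SELECT id, comment FROM books ORDER BY id");
for my $row (@$rows) {
    my ($id, $stored) = @$row;
    my $status = !defined $stored   ? "NULL"
               : $stored eq $input ? "matches input"
               :                     "differs from input";
    printf "%d: %-18s %s\n", $id, $status, $stored // "";
}
$dbh->disconnect;
```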