Name
QUOTE()
Synopsis
QUOTE(string
)
This function accepts a string enclosed in single quotes and returns a string that is safe to manipulate with SQL statements. Single quotes, backslashes, ASCII NULLs, and Ctrl-Zs contained in the string are escaped with a backslash. This is a useful security measure when accepting values from a public web interface. Here is an example:
SELECT QUOTE(course_name) AS Courses FROM courses WHERE course_code = 'ENGL-405'; +---------------------+ | Courses | +---------------------+ | 'Works of O\'Henry' | +---------------------+
Notice in the results that because of the
QUOTE()
function, the string returned is
enclosed in single quotes, and the single quote within the data
returned is escaped with a backslash.
Get MySQL in a Nutshell, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.