Mysql escape % and _ for PHP PDO
https://stackoverflow.com/questions/12271183
-
30-06-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianFrage
Is there a special method that will escape % sign and underscore? When i do
PDO->prepare()
does it escape % sign and underscore automatically?
i tried using \% or _ but i dont think it works. Also i want to check a string if string contains such characters.
Thank you
Lösung
If you use PDO->prepare() why not do in the PDO->execute( array $params ) parameter binding. You do not need to worry about escaping with parameter binding.
Andere Tipps
% and _ are never escaped automatically because it is rarely necessary to escape them .. only if they are used in strings with LIKE.
You have to handle this manually in php. You can use strpos to check that either of them is in the string, and you can use str_replace to do an ad-hoc escape. You may have to escape backslashes themselves within the string depending upon the string type.
