Mysql escape % and _ for PHP PDO
-
30-06-2021 - |
Frage
Is there a special method that will escape % sign and underscore? When i do
PDO->prepare()
does it escape % sign and underscore automatically?
i tried using \% or _ but i dont think it works. Also i want to check a string if string contains such characters.
Thank you
Lösung
If you use PDO->prepare() why not do in the PDO->execute( array $params ) parameter binding. You do not need to worry about escaping with parameter binding.
Andere Tipps
%
and _
are never escaped automatically because it is rarely necessary to escape them .. only if they are used in strings with LIKE
.
You have to handle this manually in php. You can use strpos
to check that either of them is in the string, and you can use str_replace
to do an ad-hoc escape. You may have to escape backslashes themselves within the string depending upon the string type.