I think the best practice is to use prepared statements, but you can use the addslashes($string)
and stripslashes($string)
functions too.
Best Practice WIth Apostrophe in Php Mysql Queries [closed]
-
13-01-2022 - |
Question
Apostrophes can be a pain while sending sql update queries in from php when there's a non-matching "'" inside the string. What is the best practice to overcome this problem?
Thanks
Solution 2
OTHER TIPS
PDO:
$stmt = $pdo->prepare('SELECT * FROM users WHERE username = :username');
$stmt->execute(array(':username' => $_GET['username']));
MySQLi:
$query = $mysqli->prepare('SELECT * FROM users WHERE username = s');
$query->bind_param('s', $_GET['username']);
These extensions have built-in functions for creating prepared queries which let you use quotes and apostrophes without any problems.
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow