LARAVEL getPdo()->quote add slash to quote instead of another quote

1
votes

Here's what i got when i try to quote a string

$string = "Because I'm happy";
$quoted = DB::connection()->getPdo()->quote($string)
// Return 'Because I\'m happy' instead of 'Because I''m happy'

Why ?... Please tell me !

My database connexion is

  'connections' => array(
    'mysql' => array(
    'driver'    => 'mysql',
    'host'      => 'localhost',
    'database'  => 'mytable',
    'username'  => 'root',
    'password'  => '',
    'charset'   => 'utf8',
    'collation' => 'utf8_unicode_ci',
    'prefix'    => '',
    ),
2
databasepdolaravel-4escapingquote

2 Answers

3
votes

The reason you get a \' instead of a '' for the escaping is that you are using a different database: mysql vs sqlite in the examples in the manual.

The escaping is provided by the database driver.

So, in sqlite, the correct way is to double the quotes: https://www.sqlite.org/faq.html#q14

But in mysql, it's a backslash: http://dev.mysql.com/doc/refman/5.7/en/string-literals.html

And the relevant PDO database driver does the correct thing for the database you are using. Except (as noted in the manual) on databases where the quote() method isn't implemented. The best way is prepared statements, which mean you don't need to deal with escaping at all for values.

0
votes

This is because you run quote method from PDO class on a string.

IF you look at PHP manual you see it puts single quotes at the beginning and at at the end of string, so it needs to escape all other single quotes inside a string.