It is already quoted. That's the point.
Michael T. Babcock wrote:
> gerald_clark wrote:
>
>> $qtext=$dbh->quote($text);
>> $dbh->execute("insert into mytable set myvariable = $qtext");
>>
>> The above quote() function will put a \ in fronnt of all the special
>> characters listed in the manual.
>> These in clude "'\ and the hex 00 character.
>
>
> FWIW, before anyone copies and pastes that you should use (as I'm
> sure Gerald actually does):
> execute("insert into mytable set myvariable = \"$qtext\""); so that
> there are quotes around your variable when you insert it into the DB
> and if there are spaces within your data (even accidentally), it won't
> try to parse the data as part of the query;
>
> "UPDATE MyTable SET Name = Michael Babcock WHERE ID = 4;" will get you
> some errors, for the people who like examples. I've also had the
> occasional "UPDATE MyTable SET Name = WHERE ID = 4;" which is also
> avoided by always quoting variables.
>
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
