Besides substituting ' with '' (double single-quotes) you might also want to
consider trimming trailing spaces.  I ended up inserting strings like 'Doug'
and 'Doug ' in a unique-indexed column.  SQLite let me do it and all was
well.  One day I exported that data to MS SQL and it complained about the
second 'Doug ' coming in because it ignores trailing spaces, so there was an
index collision.

Doug

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dennis Cote
> Sent: Thursday, May 22, 2008 10:36 AM
> To: General Discussion of SQLite Database
> Subject: Re: [sqlite] Equivalent of mysql_real_escape_string() ?
> 
> Skip Evans wrote:
> > Hey all,
> >
> > Okay, I'm looking all through the PDO docs on
> > php.net, but am unable to find the SQLite
> > equivalent to the MySQL function
> >
> > mysql_real_escape_string()
> >
> > in case, among other things, a text field contains
> >   single quotes, etc.
> >
> > How is this done in SQLite? I'm still scouring the
> >   docs but having no luck.
> >
> > Does it have something to do with
> >
> > $dbh->prepare()
> >
> > ...or am I on the wrong track with that one?
> 
> While I agree with Jay, using bound parameters is a much better
> approach, there is a partial answer to your question.
> 
> SQLite provides the sqlite3_mprintf() function and its associated %q
> and %Q format specifiers for quoting SQL strings. See
> http://www.sqlite.org/c3ref/mprintf.html for details.
> 
> I'm not sure if this functionality is exposed through the Perl PDO
> wrapper though.
> 
> HTH
> Dennis Cote
> _______________________________________________
> sqlite-users mailing list
> sqlite-users@sqlite.org
> http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users

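The two points raised in this thread, bound parameters instead of quote doubling and values that differ only by trailing spaces, shown as an added example that is not code from the thread. It uses Python's standard sqlite3 module; the table name `people` and the sample names are constructed for illustration.

```python
import sqlite3

SAMPLE_NAMES = ["Doug", "Doug ", "O'Brien", "Skip"]  # constructed sample data

def build_db(names, column_def="name TEXT UNIQUE"):
    """Create an in-memory table and insert names through bound parameters.

    Returns (connection, rejected), where rejected lists the names that
    violated the UNIQUE constraint.
    """
    db = sqlite3.connect(":memory:")
    db.execute(f"CREATE TABLE people ({column_def})")  # column_def is a fixed literal, not user input
    rejected = []
    for n in names:
        try:
            # The ? placeholder passes the value separately from the SQL
            # text, so the quote in O'Brien needs no doubling or escaping.
            db.execute("INSERT INTO people (name) VALUES (?)", (n,))
        except sqlite3.IntegrityError:
            rejected.append(n)
    return db, rejected

def stored_names(db):
    """Return every stored name, sorted, exactly as SQLite kept it."""
    return sorted(row[0] for row in db.execute("SELECT name FROM people"))

def trailing_space_collisions(db):
    """Group stored names that become equal once trailing spaces are ignored.

    These are the rows that would collide in a unique index on a system
    that ignores trailing spaces when comparing strings.
    """
    groups = {}
    for (name,) in db.execute("SELECT name FROM people"):
        groups.setdefault(name.rstrip(" "), []).append(name)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}

if __name__ == "__main__":
    # Default BINARY collation: 'Doug' and 'Doug ' are both accepted.
    db, rejected = build_db(SAMPLE_NAMES)
    print("stored:", stored_names(db), "rejected:", rejected)
    print("would collide on export:", trailing_space_collisions(db))

    # SQLite's built-in RTRIM collation ignores trailing spaces, so the
    # same collision is caught at insert time instead of at export time.
    db2, rejected2 = build_db(SAMPLE_NAMES, "name TEXT COLLATE RTRIM UNIQUE")
    print("stored:", stored_names(db2), "rejected:", rejected2)
```

Running the audit before an export reports the colliding rows while they can still be cleaned up in SQLite.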