Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to escape apostrophe (') in MySql?

Tags:

mysql

escaping

People also ask

How do I ignore an apostrophe in MySQL?

A “ " ” inside a string quoted with “ " ” may be written as “ "" ”. Precede the quote character by an escape character (“``”). This is the best way to escape apostrophe by doubling it.

How do I skip an apostrophe in SQL?

The simplest method to escape single quotes in SQL is to use two single quotes. For example, if you wanted to show the value O'Reilly, you would use two quotes in the middle instead of one. The single quote is the escape character in Oracle, SQL Server, MySQL, and PostgreSQL.

The MySQL documentation you cite actually says a little bit more than you mention. It also says,

A “'” inside a string quoted with “'” may be written as “''”.

(Also, you linked to the MySQL 5.0 version of Table 8.1. Special Character Escape Sequences, and the current version is 5.6 — but the current Table 8.1. Special Character Escape Sequences looks pretty similar.)

I think the Postgres note on the backslash_quote (string) parameter is informative:

This controls whether a quote mark can be represented by \' in a string literal. The preferred, SQL-standard way to represent a quote mark is by doubling it ('') but PostgreSQL has historically also accepted \'. However, use of \' creates security risks...

That says to me that using a doubled single-quote character is a better overall and long-term choice than using a backslash to escape the single-quote.

Now if you also want to add choice of language, choice of SQL database and its non-standard quirks, and choice of query framework to the equation, then you might end up with a different choice. You don't give much information about your constraints.


Standard SQL uses doubled-up quotes; MySQL has to accept that to be reasonably compliant.

'He said, "Don''t!"'

What I believe user2087510 meant was:

name = 'something'
name = name.replace("'", "\\'")

I have also used this with success.


There are three ways I am aware of. The first not being the prettiest and the second being the common way in most programming languages:

  1. Use another single quote: 'I mustn''t sin!'
  2. Use the escape character \ before the single quote': 'I mustn\'t sin!'
  3. Use double quotes to enclose string instead of single quotes: "I mustn't sin!"

Here's an example:

SELECT * FROM pubs WHERE name LIKE "%John's%"

Just use double quotes to enclose the single quote.

If you insist in using single quotes (and the need to escape the character):

SELECT * FROM pubs WHERE name LIKE '%John\'s%'

just write '' in place of ' i mean two times '

Related questions

MySQL vs MySQLi when using PHP [closed]
Is it a good idea to index datetime field in mysql?
Which rows are returned when using LIMIT with OFFSET in MySQL?
Get Insert Statement for existing row in MySQL
Increment a database field by 1
Mysql adding user for remote access
Should MySQL have its timezone set to UTC?
How do I remove a MySQL database?
Insert auto increment primary key to existing table
Implementing Comments and Likes in database
How do I retrieve my MySQL username and password?
How do I show a MySQL warning that just happened?
MYSQL Truncated incorrect DOUBLE value
Format number to 2 decimal places
How to do a batch insert in MySQL
Bulk insert with SQLAlchemy ORM
How do you manage databases in development, test, and production?
How to get the number of days of difference between two dates on MySQL?
MySQL root access from all hosts
PHP with MySQL 8.0+ error: The server requested authentication method unknown to the client [duplicate]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!