// $db is an open SQLite3 connection and $userId the current user's id; both are set elsewhere.
$id = $_POST['id'];
$text = $_POST['body'];
// escapeString() doubles every single quote so the value can sit inside a '...' SQL literal.
$id = SQLite3::escapeString($id);
$text = SQLite3::escapeString($text);
$query = "INSERT OR REPLACE INTO messageTable (messageId, userId, body) VALUES ('$id', '$userId', '$text')";
$db->query($query);
The answer provided here escaping strings for SQLite3 in PHP5 is not good for me, as I can't use PDO.
The above code always doubles the number of single quotes when a string has single quotes. For instance, I'm asking a question in 'stackoverflow' will result in I''m asking a question in ''stackoverflow''
The ' character is the escape character for the ' character in SQLite (and some other databases):
SQL As Understood By SQLite
A string constant is formed by enclosing the string in single quotes ('). A single quote within the string can be encoded by putting two single quotes in a row - as in Pascal. C-style escapes using the backslash character are not supported because they are not standard SQL.
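As an added example (not code from the question or the answer above), the following script shows that the doubled quotes are only an encoding inside the SQL text, that the stored row still contains single quotes, and that the SQLite3 class can do the same insert with a prepared statement so no escaping is needed at all. Table name, columns and sample values are constructed to match the question.

```php
<?php
// Added example: doubled quotes vs. the stored value, and a prepared statement
// with PHP's SQLite3 class (no PDO required).
$db = new SQLite3(':memory:');
$db->exec('CREATE TABLE messageTable (messageId INTEGER PRIMARY KEY, userId INTEGER, body TEXT)');

$userId = 7;                                            // constructed sample value
$text   = "I'm asking a question in 'stackoverflow'";   // constructed sample input

// 1. Manual escaping: the SQL literal carries doubled quotes ...
$escaped = SQLite3::escapeString($text);
echo "SQL literal: '$escaped'\n";
$db->exec("INSERT OR REPLACE INTO messageTable (messageId, userId, body) VALUES (1, $userId, '$escaped')");

// ... but SQLite decodes them while parsing, so the row holds the original text.
$stored = $db->querySingle('SELECT body FROM messageTable WHERE messageId = 1');
echo "Stored body : $stored\n";
echo "Round-trip  : " . ($stored === $text ? 'identical' : 'DIFFERENT') . "\n";

// 2. Prepared statement: the value is bound separately from the SQL text,
//    so quoting never has to be reasoned about and the input cannot alter the query.
$stmt = $db->prepare('INSERT OR REPLACE INTO messageTable (messageId, userId, body) VALUES (:id, :uid, :body)');
$stmt->bindValue(':id', 2, SQLITE3_INTEGER);
$stmt->bindValue(':uid', $userId, SQLITE3_INTEGER);
$stmt->bindValue(':body', $text, SQLITE3_TEXT);
$stmt->execute();

$stored2 = $db->querySingle('SELECT body FROM messageTable WHERE messageId = 2');
echo "Bound body  : $stored2\n";
echo "Round-trip  : " . ($stored2 === $text ? 'identical' : 'DIFFERENT') . "\n";
```

Both inserts store the same text; the difference is that the prepared statement never puts user input into the SQL string, which is the safer default for the code in the question.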