Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

MySQL/PDO::quote(), Putting single quotes around integers

It appears no matter what value/data-type pair I pass to $pdo->quote($value, $type);, it always quotes it as a string:

echo $pdo->quote('foo', PDO::PARAM_STR); /* 'foo', as expected */

echo $pdo->quote(42, PDO::PARAM_INT);    /* '42', expected 42 unquoted */

I'm just curious to know if this is the intended functionality. I use prepared statements for actual query execution, but I'm trying to fetch create the final querystrings (for debugging/caching), and am constructing them manually.

As the title suggests, this is when $pdo is created using the MySQL driver. I haven't tried others due to unavailability.

like image 200
Dan Lugg Avatar asked Mar 18 '11 18:03

Dan Lugg


People also ask

How do I add a quote in MySQL?

QUOTE () function in MySQLThe string is returned enclosed by single quotation marks and with each instance of backslash (\), single quote ('), ASCII NULL, and Control+Z preceded by a backslash.

Can I use double quotes in MySQL?

Double quotes are supported by MySQL for string values as well, but single quotes are more widely accepted by other RDBMS, so it is a good habit to use single quotes instead of double.

How to escape single and double quotes in MySQL?

If you need to use single quotes and double quotes in a string that contains both a contraction and a quote, you will need to use the backslash '' to cancel out the following character.

What does PDO quote do?

Processes a string for use in a query by placing quotes around the input string as required by the underlying SQL Server database. PDO::quote will escape special characters within the input string using a quoting style appropriate to SQL Server.


1 Answers

The Oracle, SQLite, MSSQL, and Firebird drivers all quote as the PDO MySQL driver, ignoring the param type. The PostgreSQL driver only distinguishes between binary large objects and all others. ODBC Driver doesn't implement a quoter. The (lack of) behavior you expect was reported as a bug and closed as "bogus", meaning the behavior is by design. Perhaps the documentation is misleading when it states:

PDO::quote() places quotes around the input string (if required)

While this suggests there may be instances when values aren't surrounded by quotes, it doesn't say there definitely are, nor does it state what those instances are. If you feel this is a bug in documentation, submit a bug report, preferably with a fix.

like image 175
outis Avatar answered Oct 13 '22 09:10

outis