Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All


SQL Server 2008 R2

Processes a string for use in a query by placing quotes around the input string as required by the underlying SQL Server database. PDO::quote will escape special characters within the input string using a quoting style appropriate to SQL Server.

string PDO::quote( $string[, $parameter_type ] )

$string: The string to quote.

$parameter_type: An optional (integer) symbol indicating the data type. The default is PDO::PARAM_STR.

A quoted string that can be passed to an SQL statement, or false if failure.

Support for PDO was added in version 2.0 of the Microsoft Drivers for PHP for SQL Server.

$database = "test";
$server = "(local)";
$conn = new PDO( "sqlsrv:server=$server ; Database = $database", "", "");

$param = 'a \' g';
$param2 = $conn->quote( $param );

$query = "INSERT INTO Table1 VALUES( ?, '1' )";
$stmt = $conn->prepare( $query );

$query = "INSERT INTO Table1 VALUES( ?, ? )";
$stmt = $conn->prepare( $query );
$stmt->execute(array($param, $param2));


Other Resources


Community Additions

© 2015 Microsoft