PDO::quote

Processes a string for use in a query by placing quotes around the input string as required by the underlying SQL Server database. PDO::quote will escape special characters within the input string using a quoting style appropriate to SQL Server.


string PDO::quote( $string[, $parameter_type ] )

$string: The string to quote.

$parameter_type: An optional (integer) symbol indicating the data type. The default is PDO::PARAM_STR.

Returns a quoted string that can be passed to an SQL statement, or false on failure.

Support for PDO was added in version 2.0 of the Microsoft Drivers for PHP for SQL Server.

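<?php
$database = "test";
$server = "(local)";
$conn = new PDO( "sqlsrv:server=$server ; Database = $database", "", "");

// $param contains an embedded single quote; $param2 is its quoted form.
$param = 'a \' g';
$param2 = $conn->quote( $param );

// Bind the raw value to the placeholder; bound values need no quoting.
$query = "INSERT INTO Table1 VALUES( ?, '1' )";
$stmt = $conn->prepare( $query );
$stmt->execute(array($param));

// Bind both values; $param2 is stored exactly as PDO::quote returned it,
// with its quote characters included.
$query = "INSERT INTO Table1 VALUES( ?, ? )";
$stmt = $conn->prepare( $query );
$stmt->execute(array($param, $param2));
?>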
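The following added example (not part of the original page or of the driver's own samples) contrasts the three ways a quoted or raw value can reach the database: quoted and interpolated into the SQL text, raw and bound, and quoted and bound. Assumptions: an in-memory SQLite database (pdo_sqlite) stands in for SQL Server so the script runs offline, since its PDO::quote also wraps the value in single quotes and doubles embedded ones; the column name note is hypothetical.

```php
<?php
// Added example. Assumption: SQLite in memory replaces the sqlsrv DSN so the
// script runs without a server; only the DSN and credentials would change.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE Table1 (id INTEGER PRIMARY KEY, note TEXT)');

$param  = "a ' g";               // constructed sample input with an embedded quote
$quoted = $conn->quote($param);  // delimiters added, embedded quote doubled

// 1. Quoted value interpolated into the SQL text: the literal decodes back
//    to the original input.
$conn->exec("INSERT INTO Table1 (note) VALUES ($quoted)");

// 2. Raw value bound to a placeholder: stored unchanged, no quoting needed.
$stmt = $conn->prepare('INSERT INTO Table1 (note) VALUES (?)');
$stmt->execute([$param]);

// 3. Quoted value bound to a placeholder: the quote characters are treated
//    as data and end up in the stored value.
$stmt->execute([$quoted]);

$rows = $conn->query('SELECT note FROM Table1 ORDER BY id')
             ->fetchAll(PDO::FETCH_COLUMN);
foreach ($rows as $i => $note) {
    printf("row %d: %s\n", $i + 1, $note);
}

// Rows 1 and 2 must equal the input; row 3 must equal the quoted form.
if ($rows !== [$param, $param, $quoted]) {
    throw new RuntimeException('unexpected stored values');
}
```

Use PDO::quote only when a value has to be placed in the SQL text itself; a value passed to execute() should be bound raw, otherwise it is stored with the extra quote characters as in row 3.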
