Insert single quote values in PostgreSQL

I want to run the following query with one quotation mark.

INSERT INTO web_camp_keywords (web_id, keyword) VALUES (195, 'abc'hotels') 

I just want to add the value abc'hotels. I used a backslash, but that didn't work.

 INSERT INTO web_camp_keywords (web_id, keyword) VALUES (195, 'abc\'hotels') 

How can I solve this?

+7
2 answers

You can escape the single quote with another single.

 INSERT INTO web_camp_keywords (web_id, keyword) VALUES (195, 'abc''hotels') 

But personally, I think you should use prepared statements with binding parameters.

In addition, using prepared statements with binding parameters is one of the easiest ways to protect against SQL injection, the largest source of security holes in web applications.

+8

Like Chris Mutray and others said, it would be better if you used PDO and prepared statements. The following is an example of how you can prepare a statement, provide a value operator, and then execute it. I left a connection.

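 // $pdo is an already-open PDO connection (not shown here)
 $statement = $pdo->prepare("insert into web_camp_keywords (web_id, keyword) values (:id, :keyword)");
 // The values are bound separately from the SQL text, so the quote needs no escaping
 $statement->bindValue(':id', 195);
 $statement->bindValue(':keyword', "abc'hotels");
 $statement->execute();
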
+2
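
The two approaches from the answers side by side, as an added example that is not part of either answer: the unescaped query fails, the doubled quote works, and a bound parameter stores the value verbatim. It assumes Python's built-in sqlite3 module with an in-memory database standing in for PostgreSQL (SQLite uses `?` placeholders and the same quote-doubling rule); the helper names are hypothetical.

```python
import sqlite3

def make_db():
    # Assumption: in-memory SQLite table standing in for the PostgreSQL one.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE web_camp_keywords (web_id INTEGER, keyword TEXT)")
    return db

def quote_literal(value):
    # Standard SQL escaping from the first answer: double every single quote.
    return "'" + value.replace("'", "''") + "'"

def insert_concatenated(db, web_id, keyword):
    # Fragile: the keyword is pasted into the SQL text unescaped.
    db.execute("INSERT INTO web_camp_keywords (web_id, keyword) "
               f"VALUES ({int(web_id)}, '{keyword}')")

def insert_escaped(db, web_id, keyword):
    # Works, but only as long as nobody forgets to call quote_literal().
    db.execute("INSERT INTO web_camp_keywords (web_id, keyword) "
               f"VALUES ({int(web_id)}, {quote_literal(keyword)})")

def insert_bound(db, web_id, keyword):
    # Preferred: the value travels separately from the SQL text.
    db.execute("INSERT INTO web_camp_keywords (web_id, keyword) VALUES (?, ?)",
               (web_id, keyword))

def stored_keywords(db):
    return [row[0] for row in db.execute(
        "SELECT keyword FROM web_camp_keywords ORDER BY rowid")]

def demo():
    db = make_db()
    try:
        insert_concatenated(db, 195, "abc'hotels")  # the question's failing case
        outcome = "accepted"
    except sqlite3.OperationalError:
        outcome = "syntax error"
    insert_escaped(db, 195, "abc'hotels")
    insert_bound(db, 195, "abc'hotels")
    # Constructed sample value with several quotes and a backslash.
    insert_bound(db, 195, "it's a 'quoted' \\ value")
    return outcome, stored_keywords(db)

if __name__ == "__main__":
    print(demo())
```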