MySQL Forums
Forum List  »  Stored Procedures

Re: Escape sproc Parameters
Posted by: John Noble
Date: December 01, 2020 07:44AM

Peter Brawley Wrote:
-------------------------------------------------------
> Right, actually input data needs to be cleaned up
> before it gets to MySQL, you need to pass your
> strings through your language's equivalent of
> PHP's mysqli_real_escape_string().


Hi Peter,

That's not the behavior I am seeing.

In my c# WinFOrms application, I can write [John's boat] into the textbox and QUOTE(p_name) will insert it nicely.

From W3Resource...
MySQL QUOTE() produces a string which is a properly escaped data value in an SQL statement, out of a user supplied by the string as an argument.

Options: ReplyQuote


Subject
Views
Written By
Posted
205
November 23, 2020 03:46AM
49
November 23, 2020 10:46AM
48
November 28, 2020 11:32AM
48
November 28, 2020 01:05PM
Re: Escape sproc Parameters
35
December 01, 2020 07:44AM


Sorry, only registered users may post in this forum.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.