I’m seeing some weirdness when I try to run a query using PDO. The

Question

0

Asked: May 24, 20262026-05-24T05:40:07+00:00 2026-05-24T05:40:07+00:00

I’m seeing some weirdness when I try to run a query using PDO. The

0

I’m seeing some weirdness when I try to run a query using PDO. The following code shouldn’t return results, but it does:

$safe_path = $this->_databaseConnection->quote($unsafe_path);
$sql = "SELECT * FROM routes WHERE path=$safe_path LIMIT 1";
$statement_handle = $this->_databaseConnection->query($sql);
var_dump($statement_handle->fetchAll());

I’m confused because there aren’t single quotes around the $safe_path variable as there would be if I were using the mysqli extension – but it’s working. If I enclose $safe_path in quotes, no results are returned. This seems strange to me.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-24T05:40:07+00:00

You are already quoting the $safe_path variable with your first line in the sample:

$safe_path = $this->_databaseConnection->quote($unsafe_path);

That is why it works as it stands. If you attempt to add quotes yourself in the:

$sql = "SELECT * FROM routes WHERE path='$safe_path' LIMIT 1";

line then you would be doubling up the quotes and therefore breaking the SQL query.

Please see the manual page for quote() for more information:

PDO::quote() places quotes around the input string (if required) and
escapes special characters within the input string, using a quoting
style appropriate to the underlying driver.

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I’m seeing some weirdness when I try to run a query using PDO. The

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply