Home/ Questions/Q 8880661
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-14T20:12:17+00:00

I’m using PDO for my querys and try to escape some ‘&’ since they

  • 0

I’m using PDO for my querys and try to escape some ‘&’ since they make the request invalid. I already tried with mysql_real_escape_string and pdo quote… both didn’t escaped the ‘&’. My values are for example “James & Jack”.

As Connector:

$this->connect = new PDO("mysql:host=$db_host;dbname=$db_name;", $db_user, $db_pass,array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8"));

As Query:

function check_exist($query,$parameter)
{
    try
    {
    $this->connect->prepare($query);
    $this->connect->bindParam(':parameter', $parameter, PDO::PARAM_STR);
    $this->connect->execute();
    return $this->connect->fetchColumn();


        unset ($query);
    }
    catch(PDOException $e) 
    {  
        echo $e->getMessage(); 
    }

}

Finaly the Call to action

$db = new database;
$db->connect('framework','localhost','root','');
$result = $db->check_exist('SELECT COUNT(*) FROM cat_merge WHERE cat=:parameter',$cat);
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Try using prepared statements this way:

    <?php
// Connect to the database
$db = new PDO('mysql:host=127.0.0.1;dbname=DB_NAME_HERE', 'username', 'password');
// Don't emulate prepared statements, use the real ones
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
// Prepare the query
$query = $db->prepare('SELECT * FROM foo WHERE id = ?');
// Execute the query
$query->execute($_GET['id']);
// Get the result as an associative array
$result = $query->fetchAll(PDO::FETCH_ASSOC);
// Output the result
print_r($result);
?>
    • 0