Home/ Questions/Q 7082751
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-28T07:05:36+00:00

Using PDO to CRUD with SQLITE3. When I insert a string ‘didn’t’, the string

  • 0

Using PDO to CRUD with SQLITE3. When I insert a string ‘didn’t’, the string goes into the table as ‘didn\’t’.

So, later when I read the string back out, to ouput to HTML, I get didn\’t in my web page.

So, if PDO is escaping the single quote on the INSERT with the backslash, how do I strip out the escaping backslashes for presentation?

Does that make sense?

EDIT – Including code. $eventBody is the string in question.

try {
               $db = new PDO('sqlite:../posts.sqlite');
                $db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
                }
            catch(PDOException $e)
                {
                    echo $e->getMessage();
                    die;
                }
                    //using the sqlite functions to do date/time stuff
        $query = 'INSERT INTO posts (eDay, eMonth, eYear, eTitle, eBody,author, eURL, eTime)
                  VALUES( strftime(\'%d\',\'now\') , strftime(\'%m\',\'now\') , strftime(\'%Y\',\'now\') ,"'. $eventTitle .'","'.$eventBody.'","' . $eventAuthor. '","' . $eventURL . '",time(\'now\',\'localtime\'));' ;

                try
                {
                $result=$db->query($query);
                if(!($result))
                {
                    echo "INSERT FAILED.<br>";
                    echo "QUERY STRING: ".$query ." <br>";
                    die;

                }
                    echo "Successfully Added Record";
                    $eventTitle = '';
                    $eventBody='';
                    $eventURL='';
                    $eventAuthor='';
            //      urlRedirect("Referback.php");
                }
                catch (PDOException $ex)
                {
                    echo $ex->getMessage();
                    die;
                }
                catch (Exception $exc)
                {
                    echo $exc->getMessage();
                    die;
                }
        }
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    PDO works the way it should, you should check how you do your insert (build the queries) and the data source (meaning what’s coming from $_POST/$_GET).

    And specially the magic quotes gpc. If you don’t know what it is, check it out. It’s a very recurrent problem. Before you start using stripslashes/addslashes and such.

    You should also use the prepared statement, it’s not only nicer, but a lot less work and safer.

    $stmt = $db->prepare('INSERT INTO posts '.
    '(eDay, eMonth, eYear, eTitle, eBody, author, eURL, eTime) '.
    'VALUES (?, ?, ?, ?, ?, ?, ?, ?);');
$result = $stmt->execute(array(
    date('d'),
    date('m'),
    date('Y'),
    $eventTitle,
    $eventBody,
    $eventAuthor,
    $eventURL,
    time('now', 'localtime')
));

    You could also print the data you give to ̀ execute` to make sure, it is what you want.

    • 0