First, in SQLite, single quotes in strings are not escaped. They are
instead doubled. For example,
O'Jones
should be the SQL string
'O''Jones'
(that's standard SQL behavior). It MySQL that makes it different with quotes.
Second, if you really need to quote a string to
Owen wrote:
The code below creates a database, then reads it but it fails when I
try to match an apostrophied name.
Any suggestions as to where I am going wrong would be much
appreciated.
$SQL = select * FROM tennisclub where last LIKE '%$name%' ;
$cursor = $dbh-prepare($SQL);
Just DO NOT place values into SQL commands, use placeholders. It makes
reusing SQL statements easier, it avoids all kinds of quoting issues,
reduces the lines of code you need to write, and (in a web environment)
avoids SQL injection, a common path for all kinds of attacks.
Your Code:
$SQL =
