Name

quote

Synopsis

$sql = $dbh->quote($value);
$sql = $dbh->quote($value, $data_type);

Quotes a string literal for use as a literal value in an SQL statement, by escaping any special characters (such as quotation marks) contained within the string and adding the required type of outer quotation marks.

$sql = sprintf "SELECT foo FROM bar WHERE baz = %s",
              $dbh->quote("Don't");

For most database types, quote would return 'Don''t' (including the outer quotation marks).

An undefined $value will be returned as the string NULL (without quotation marks) to match how NULLs are represented in SQL.

If $data_type is supplied, it is used to try to determine the required quoting behavior by using the information returned by type_info. As a special case, the standard numeric types are optimized to return $value without calling type_info.

quote will probably not be able to deal with all possible input (such as binary data or data containing newlines), and is not related in any way to escaping or quoting shell meta-characters. There is no need to quote values being used with placeholders and bind values.
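
Added example (not from the original page or the DBI project): the same lookup written once with quote() and once with a placeholder, run against an in-memory SQLite database. It assumes DBD::SQLite is installed; the helper names lookup_quoted and lookup_bound and the sample rows are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is installed. The table reuses the foo/bar/baz names
# from the text; the rows are constructed sample data.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
                       { RaiseError => 1, PrintError => 0 });
$dbh->do("CREATE TABLE bar (foo TEXT, baz TEXT)");
$dbh->do("INSERT INTO bar (foo, baz) VALUES (?, ?)", undef, @$_)
    for (["first", "Don't"], ["second", "plain"], ["third", undef]);

# Build the statement text with quote(): the value becomes part of the SQL.
sub lookup_quoted {
    my ($value) = @_;
    my $sql = sprintf "SELECT foo FROM bar WHERE baz = %s", $dbh->quote($value);
    return ($sql, $dbh->selectcol_arrayref($sql));
}

# Pass the value as a bind value: it never enters the SQL text, so quote()
# is not needed. NULL still needs IS NULL, because "= NULL" is never true.
sub lookup_bound {
    my ($value) = @_;
    my $sql = defined $value
        ? "SELECT foo FROM bar WHERE baz = ?"
        : "SELECT foo FROM bar WHERE baz IS NULL";
    my @bind = defined $value ? ($value) : ();
    return ($sql, $dbh->selectcol_arrayref($sql, undef, @bind));
}

# Constructed inputs: an apostrophe, a value full of quote characters, undef.
for my $value ("Don't", "x' OR '1'='1", undef) {
    printf "value: %s\n", defined $value ? $value : "(undef)";
    for my $lookup (\&lookup_quoted, \&lookup_bound) {
        my ($sql, $rows) = $lookup->($value);
        printf "  %-50s -> [%s]\n", $sql, join(", ", @$rows);
    }
}
$dbh->disconnect;
```

For the undef input, the quote() version produces baz = NULL and finds no row even though one has a NULL baz, which is why the bound version switches to IS NULL.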
