Name
quote
Synopsis
$sql = $dbh->quote($value);
$sql = $dbh->quote($value, $data_type);
Quotes a string literal for use as a literal value in an SQL statement, by escaping any special characters (such as quotation marks) contained within the string and adding the required type of outer quotation marks.
$sql = sprintf "SELECT foo FROM bar WHERE baz = %s", $dbh->quote("Don't");
For most database types, quote would return 'Don''t' (including the outer quotation marks).
An undefined $value will be returned as the string NULL (without quotation marks) to match how NULLs are represented in SQL.
If $data_type is supplied, it is used to try to determine the required quoting behavior by using the information returned by type_info. As a special case, the standard numeric types are optimized to return $value without calling type_info.
quote will probably not be able to deal with all possible input (such as binary data or data containing newlines), and is not related in any way to escaping or quoting shell meta-characters. There is no need to quote values being used with placeholders and bind values.
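The script below is an added example, not code from the book or from DBI. It assumes DBD::SQLite is installed and uses a constructed in-memory table named after the query above. It runs the same value through naive interpolation, quote and a placeholder, then shows that the NULL returned for an undefined value has to be matched with IS NULL rather than =.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available; the in-memory database keeps this offline.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0 });

# Constructed sample data, reusing the table and column names from the query above.
$dbh->do("CREATE TABLE bar (foo INTEGER, baz TEXT)");
$dbh->do("INSERT INTO bar (foo, baz) VALUES (?, ?)", undef, @$_)
    for [1, "Don't"], [2, "plain"], [3, undef];

# Run a statement and return the foo values as a comma-separated string.
sub foo_values {
    my ($sql, @bind) = @_;
    my $rows = $dbh->selectall_arrayref($sql, undef, @bind);
    return @$rows ? join(",", map { $_->[0] } @$rows) : "(no rows)";
}

my $value = "Don't";

# 1. Naive interpolation: the quote inside the data ends the literal early,
#    so the data decides where the SQL string stops.
my $naive  = "SELECT foo FROM bar WHERE baz = '$value'";
my $result = eval { foo_values($naive) };
print "naive:       ", (defined $result ? $result : "rejected by the database"), "\n";

# 2. quote(): special characters are escaped and the outer quotes are added.
my $quoted = sprintf "SELECT foo FROM bar WHERE baz = %s", $dbh->quote($value);
print "quoted SQL:  $quoted\n";
print "quote():     ", foo_values($quoted), "\n";

# 3. Placeholder: the value is bound separately and needs no quoting at all.
print "placeholder: ",
    foo_values("SELECT foo FROM bar WHERE baz = ?", $value), "\n";

# 4. undef: quote() yields the bare word NULL, but a comparison with "=" is
#    never true for NULL in SQL, so the row with a NULL baz is not matched.
my $null_sql = sprintf "SELECT foo FROM bar WHERE baz = %s", $dbh->quote(undef);
print "null SQL:    $null_sql\n";
print "= NULL:      ", foo_values($null_sql), "\n";
print "IS NULL:     ",
    foo_values("SELECT foo FROM bar WHERE baz IS NULL"), "\n";

$dbh->disconnect;
```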