Escape a preset column name in PHP PDO

Question

I have mySql statement below.

$sql = "INSERT INTO `myTbl`.uploads('id','name','group') VALUES (:id,:user,:group)";
$result = $db->prepare($sql);

GROUP is a reserved command in mySql. How can I escape this so that I can execute my prepare statement?

Thanks.

Backticks are for escaping identifiers, not single quotes. You already used them for the table name. — mario, Mar 13 '13 at 02:17

score 4 · Accepted Answer · edited May 23 '17 at 11:50

4

Identifiers such as columnNames and tableNames shouldn't be wrap with single quotes, but instead with backtick. Wrapping with single quotes converts the identifier to become string literals.

INSERT INTO myTbl.uploads(id, name, `group`) VALUES (:id,:user,:group)

When to use single quotes, double quotes, and backticks?

edited May 23 '17 at 11:50

Community

1
1

answered Mar 13 '13 at 02:17

John Woo

258,903
69
498
492

Escape a preset column name in PHP PDO

1 Answers1