Escape the @ Symbol in a SQL Query

Asked Jul 13 '15 at 19:03

Active Jul 13 '15 at 20:08

Viewed 40 times

I am attempting to delete a database entry, and am matching the entry in the database by searching via the user's email. This means a variable with the @ symbol is placed in my database entry as such:

DELETE FROM `table` WHERE id=$id AND uEmail=$email

I understand that the @ symbol has a usage in SQL, so I presume this is the problem with the statement above. I tried removing the email from the statement and just leaving id, and it worked. How can I escape the @ symbol present in the $email variable?

Thank you for help in advance!

edited Jul 13 '15 at 20:08

VolkerK

95,432
20
163
226

asked Jul 13 '15 at 19:03

ProfessorStealth

1

Don't do that. You need to use parameters. – SLaks Jul 13 '15 at 19:06
email need to placed inside quote: DELETE FROM `table` WHERE id=$id AND uEmail="$email" – georgecj11 Jul 13 '15 at 19:07
Adding quotes works! However, I can see how parameters would be important to prevent SQL injection @SLaks. How would I go about doing that? – ProfessorStealth Jul 13 '15 at 19:10
You'd escape your values; or better yet, use MySQLi or PDO with prepared statements/bind variables – Mark Baker Jul 13 '15 at 19:18

Escape the @ Symbol in a SQL Query

0 Answers0