Database Abstraction Layer for PHP

User Tools

Site Tools



See Also


string qStr(
       string $unquoted,
       optional bool $dontFixQuotes=false


The function qStr() takes an input string, and allows it to be:

  1. Wrapped in single quotes.The value can then be used, for example in an SQL statement.
  2. Have quotes inside the string escaped in a way that is appropriate for the database. This is done wherever possible using PHP driver functions e.g. MySQL real_escape_string. The second parameter, $dontFixQuotes stops any internal quoting happening, This parameter was mostly used in older versions of PHP when the now removed magic_quotes parameter was enabled, and the 2 methods were in conflict.


$string = "Patrick O'Reilly";
$SQL = "SELECT * FROM names WHERE name='$string'";
$result = $db->execute($SQL);
 * Execution fails  due to mismatched ` characters
$qString = $db->qStr($string);
 * function returns 'Patrick O\'Reilly' (The resulting string is database-specific)
$SQL = "SELECT * FROM names WHERE name=$qString";
$result = $db->execute($SQL);
 * Execution succeeds
v5/reference/connection/qstr.txt · Last modified: 2018/07/16 19:38 by peterdd