我有一个正常工作的INSERT函数,除非我在尝试添加带引号的值。我有这个代码块用两个单一替换单引号然后插入它,但没有任何改变。我更改了此示例的主机和密码。
$title = str_replace("'", " '' ", $title);
//Connecting to the database
$dbh = new PDO('mysql:host=workinghost;dbname=mydatabase', $username, $password);
if (!($stmt = $dbh->prepare("INSERT INTO calendar(title, start) VALUES(:title, :start)")))
{
//echo "Prepare failed: (" . $mysql->errno . ") " . $mysql->error;
}
$stmt->bindParam(":title", $title);
$stmt->bindParam(":start", $date);
$stmt->execute();