I have a php line with

    $cmd='mysql -h localhost db -e"create table if not exists 
    levermanneasypivotlocal (RecNum bigint(20) NOT NULL AUTO_INCREMENT, 
    tradedate date, `0001.HK` int(9), `0012.HK` int(9) default NULL, PRIMARY 
    KEY(`recnum`) )  AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;"';
    exec($cmd);

How can I escape the column names? In a shell and in a PHP script the ` has special meanings. I need this to solve this problem: NO ALTER or Create of remote db in a federated engine. Thanks a lot.

Walter Schrabmair

1 Answer

Rather than interacting with the database directly and executing MySQL commands from the terminal, you likely should be using a database connector such as PDO or MySQLi.

If using MySQLi, you would escape user input by using `mysqli_real_escape_string`: https://www.php.net/manual/en/mysqli.real-escape-string.php

Or, using PDO, you would use `PDO::prepare`: https://www.php.net/manual/en/pdo.prepare.php

These statements allow you to escape your queries properly according to the encoding used in the database used. Other methods of escape may not be valid if the character set on your database is changed.

TheOddPerson
  • Thanks for your reply. I need this shell command to create a federated database or add columns on a federated database on a remote server. But your first link, I think, is a solution - let me check and test it. Thanks – Walter Schrabmair Mar 30 '19 at 18:08
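
An added example, not code from the question or the answer: it builds the question's `CREATE TABLE` with backtick-quoted identifiers and runs it either through PDO (no shell involved) or through the `mysql` client with the whole statement passed as one `escapeshellarg()`-quoted argument. Bound parameters and `mysqli_real_escape_string` protect values, not identifiers, so column names are quoted by a hypothetical `quoteIdentifier()` helper; the user name and password are placeholders, and the column list is generalized to any ticker names.

```php
<?php
// Added example. 'user' and 'password' are placeholders; quoteIdentifier()
// and buildCreateTable() are hypothetical helpers, not library functions.

// Quote a MySQL identifier: wrap it in backticks and double any embedded backtick.
function quoteIdentifier(string $name): string
{
    if ($name === '' || strpos($name, "\0") !== false) {
        throw new InvalidArgumentException('invalid identifier');
    }
    return '`' . str_replace('`', '``', $name) . '`';
}

// Build the CREATE TABLE statement from the question for a list of ticker columns.
function buildCreateTable(string $table, array $tickers): string
{
    $cols = ['RecNum bigint(20) NOT NULL AUTO_INCREMENT', 'tradedate date'];
    foreach ($tickers as $ticker) {
        $cols[] = quoteIdentifier($ticker) . ' int(9) DEFAULT NULL';
    }
    $cols[] = 'PRIMARY KEY (' . quoteIdentifier('RecNum') . ')';
    return 'CREATE TABLE IF NOT EXISTS ' . quoteIdentifier($table)
        . ' (' . implode(', ', $cols) . ') AUTO_INCREMENT=1 DEFAULT CHARSET=utf8';
}

$sql = buildCreateTable('levermanneasypivotlocal', ['0001.HK', '0012.HK']);

// Alternative 1: a database connector. No shell parses the statement,
// so the backticks reach MySQL unchanged.
$pdo = new PDO('mysql:host=localhost;dbname=db;charset=utf8', 'user', 'password',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec($sql);

// Alternative 2: the mysql client. escapeshellarg() wraps the statement in
// single quotes (POSIX shells), so `...` is not run as command substitution
// the way it is inside the double quotes used in the question.
$cmd = 'mysql -h localhost db -e ' . escapeshellarg($sql);
exec($cmd, $output, $status);
if ($status !== 0) {
    throw new RuntimeException("mysql client exited with status $status");
}
```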