How to handle the single quote ' issue in database SQL?
Some people said using '' for ' is the SQL standard. So to make the code universal, we should use this approach, '' to replace ' in the SQL statement, instead of \' for '.
So when I set up my php.ini, I had better set it up so my code will be using '' for ' in the SQL statement instead of \' for '?
str_replace("'", "''", $valuetouseinsql)
I used to make sure I have this when I use a value in SQL. I know if I set up php.ini differently, I don't have to escape the single quote at all before I use a value in SQL.
It will be much easier for me to not worry about the single quote issue in SQL statements.
But because I have the impression that using '' for ' is the SQL standard, I thought keeping it this way would make my code more universal. More platforms will be set up this way, that is, you have to escape the single quote ' with '' before the value is used in SQL.
Any advice?
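
Added example, not part of the original post: a PHP comparison of the two escaping styles mentioned above ('' and \') against bound parameters, which keep the value out of the SQL text so no quote escaping is involved. It assumes the pdo_sqlite extension is available; the table, column and sample value are constructed.

```php
<?php
// Added example, not from the original post. In-memory SQLite via PDO;
// the table, column and sample value are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE people (name TEXT)');

$value = "O'Brien";

// 1. Bound parameter: the value is passed apart from the SQL text,
//    so no quote escaping is applied and none is needed.
$insert = $pdo->prepare('INSERT INTO people (name) VALUES (:name)');
$insert->execute([':name' => $value]);

$select = $pdo->prepare('SELECT COUNT(*) FROM people WHERE name = :name');
$select->execute([':name' => $value]);
echo "bound parameter matches: ", $select->fetchColumn(), "\n";

// 2. Doubling the quote ('' for ') as in the post. This is standard SQL
//    string-literal syntax, and SQLite accepts it.
$doubled = str_replace("'", "''", $value);
$count = $pdo->query(
    "SELECT COUNT(*) FROM people WHERE name = '$doubled'"
)->fetchColumn();
echo "doubled quote matches: ", $count, "\n";

// 3. Backslash style (\' for '), produced here with addslashes(). It is
//    not standard SQL: SQLite treats the backslash as an ordinary
//    character, so the literal ends early and the statement fails to parse.
$slashed = addslashes($value);
try {
    $pdo->query("SELECT COUNT(*) FROM people WHERE name = '$slashed'");
    echo "backslash style accepted\n";
} catch (PDOException $e) {
    echo "backslash style rejected: ", $e->getMessage(), "\n";
}
```

The bound-parameter form behaves the same on any PDO driver and does not depend on php.ini settings.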