How to handle single quote in a SQL query using PDO?

Hi, not clear for me.

The data is saved via
$sth = $this->db->prepare($sql);
$result = $sth->execute($params);


The data is saved in the database, but PDO reports an error:
Warning: PDOStatement::execute(): SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'dmin@example.com" at line 1 in ...\application\model\M_Database.php on line 49


In $sth the value is stored with the quote, like this:

':email' => string(18) "a'dmin@example.com"

What am I doing wrong and how to fix it?
July 9th 19 at 10:26
2 answers
July 9th 19 at 10:28
Solution
It's not very clear what is better than prepare? - kiara.Leuschke commented on July 9th 19 at 10:31
: this is not a replacement for prepare, just an addition to its functionality. Different just have the fact that your mistakes should not be made for shielding. - bailee_Stant commented on July 9th 19 at 10:34
: Really helped, thanks - kiara.Leuschke commented on July 9th 19 at 10:37
July 9th 19 at 10:30
And you seem to have a SQL like this:
SELECT * FROM table WHERE email = ':email'

I would advise to change into:

SELECT * FROM table WHERE email = :email

Trust PDO with the escaping; do not escape the variables yourself.
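
The difference between the quoted and unquoted placeholder from the answer above, as an added example that is not part of the original thread. It assumes the pdo_sqlite extension and uses an in-memory SQLite database in place of the asker's MySQL so that it runs offline; the `users` table and its rows are constructed for illustration.

```php
<?php
// Added example: constructed table and data, in-memory SQLite instead of MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT)');

$email = "a'dmin@example.com"; // value from the question, single quote included

// Unquoted placeholder: the value travels separately from the SQL text,
// so the single quote needs no manual escaping.
$insert = $db->prepare('INSERT INTO users (email) VALUES (:email)');
$insert->execute([':email' => $email]);
$insert->execute([':email' => ':email']); // a row holding the literal text ":email"

// Quoted placeholder: ':email' is an ordinary string literal, not a parameter.
$quoted = $db->prepare("SELECT email FROM users WHERE email = ':email'");
$quoted->execute(); // the statement has nothing to bind
echo "quoted, no params: ", json_encode($quoted->fetchAll(PDO::FETCH_COLUMN)), "\n";

// The statement has no parameter to receive the value,
// so this call is expected to fail.
try {
    $quoted->execute([':email' => $email]);
    echo "quoted, with params: accepted\n";
} catch (PDOException $e) {
    echo "quoted, with params: rejected (", $e->getMessage(), ")\n";
}

// Unquoted placeholder in the SELECT: the bound value is compared as data
// and the row containing the single quote is found.
$bound = $db->prepare('SELECT email FROM users WHERE email = :email');
$bound->execute([':email' => $email]);
echo "unquoted: ", json_encode($bound->fetchAll(PDO::FETCH_COLUMN)), "\n";
```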
