Writing Strings That Include Quotes or Special Characters

4.2.1 Problem

You want to write a quoted string, but it contains quote characters or other special characters, and MySQL rejects it.

4.2.2 Solution

Learn the syntax rules that govern the interpretation of strings in queries.

4.2.3 Discussion

To write a string in a SQL statement, surround it with quote characters:

mysql> SELECT 'hello, world';
+--------------+
| hello, world |
+--------------+
| hello, world |
+--------------+

But sometimes you need to write a string that includes a quote character, and if you just put the quote into the string as is, a syntax error results:

mysql> SELECT 'I'm asleep';
ERROR 1064 at line 1: You have an error in your SQL syntax near 'asleep''
at line 1

You can deal with this several ways:

• MySQL, unlike some SQL engines, allows you to quote strings with either single quotes or double quotes, so you can enclose a string containing single quotes within double quotes:

  mysql> SELECT "I'm asleep";
  +------------+
  | I'm asleep |
  +------------+
  | I'm asleep |
  +------------+

  This works in reverse, too; a string containing double quotes can be enclosed within single quotes:

  mysql> SELECT 'He said, "Boo!"';
  +-----------------+
  | He said, "Boo!" |
  +-----------------+
  | He said, "Boo!" |
  +-----------------+

• To include a quote character within a string that is quoted by the same kind of quote, either double the quote or precede it with a backslash. When MySQL reads the query string, it will strip off the extra quote or the backslash:

  mysql> SELECT 'I''m asleep', 'I'm wide awake';
  +------------+----------------+
  | I'm asleep | I'm wide awake |
  +------------+----------------+
  | I'm asleep | I'm wide awake |
  +------------+----------------+
  1 row in set (0.00 sec)
  mysql> SELECT "He said, ""Boo!""", "And I said, "Yikes!"";
  +-----------------+----------------------+
  | He said, "Boo!" | And I said, "Yikes!" |
  +-----------------+----------------------+
  | He said, "Boo!" | And I said, "Yikes!" |
  +-----------------+----------------------+

A backslash turns off the special meaning of the following character. (It causes a temporary escape from normal string processing rules, so sequences such as ' and " are called escape sequences.) This means that backslash itself is special, so to write a literal backslash within a string, you must double it:

mysql> SELECT 'Install MySQL in C:\mysql on Windows';
+--------------------------------------+
| Install MySQL in C:mysql on Windows |
+--------------------------------------+
| Install MySQL in C:mysql on Windows |
+--------------------------------------+

Other escape sequences recognized by MySQL are  (backspace), (newline, also called linefeed), (carriage return), (tab), and (ASCII NUL).

4.2.4 See Also

Use of escape sequences for writing string values is best limited to text values. Values such as images that contain arbitrary data also must have any special characters escaped if you want to include them in a query string, but trying to enter an image value by typing it in is too painful even to think about. You should construct such queries from within a program where you can use the placeholder mechanism provided by the language's MySQL API. See Recipe 2.7.