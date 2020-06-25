I was messing around with some simple PHP scripts using vanilla PHP with PDO to interact with MySQL. As I was throwing around some edge cases to see what happens, I noticed a slightly odd thing. If I execute the following SQL query in a PHP script:

$db = new PDO("mysql:host=localhost;dbname=test", /*other db info*/); $quotesSql = "CREATE TABLE `Quotin'it!'` (num INT(255), `title` VARCHAR(30));"; $quotesStmnt = $db->prepare($quotesSql); $quotesStmnt->execute([]);

The name of the output table that is created has the single quotes converted to HTML entities:

+----------------------------------+ | Tables_in_test | +----------------------------------+ | Quotin'it!' | +----------------------------------+

The point is that the table name is Quotin'it!'

Now obviously you are pretty much never going to have table names with special characters like single quotes in them, so I’m not concerned with the usefulness of this. But I am curious from a technical side: why does PDO encode certain characters this way? Is it even PDO that is doing this? Which special characters get encoded and which don’t? (You’ll notice the exclamation point in my example name did not get encoded.)

The reason I think PDO is the one auto-encoding this is because when I run the same statement in my console [ mysql> CREATE TABLE ` Quotin'it!' ` (num INT(255), ` title ` VARCHAR(30)); ] the table name created is unencoded!

+----------------------------------+ | Tables_in_autocomplete_items | +----------------------------------+ | Quotin'it!' | +----------------------------------+

The backticks protect the table name correctly in that case.

Has anyone else encountered this? Or does anyone have a link for where to find the documentation about this? Google searching & browsing PHP’s website hasn’t helped me.

Thanks!