In strings, certain sequences have special meanings. These sequences start with a backslash ('\'), the so-called escape character . MySQL recognizes the following escape sequences:
| \0 |
ASCII 0 (NUL) character. |
| \' |
apostrophe('''). |
| \" |
Double quotes('"'). |
| \b |
backspace character. |
| \n |
newline. |
| \r |
carriage return. |
| \t |
tab character. |
| \WITH |
ASCII 26 ( Control (Ctrl)-Z). This character can be encoded as '\Z' to allow you to work around the problem of ASCII 26 representing end of file in Windows. (ASCII 26 will cause problems if you try to use mysql db_name < file_name ). |
| \\ |
Backslash ('\') character. |
| \% |
'%'character. See note following table. |
| \_ |
'_'character. See note following table. |
These sequences are case sensitive. For example, '\b' is interpreted as backspace, but '\B' is interpreted as 'B'.
The '\%' and '\_' sequences are used to search for instances of '%' and '_' literals in a pattern-matching environment that might be interpreted as wildcards. See Section 12.3.1, “String Comparison Functions” . Note that if you use '\%' or '\_' in other contexts, they return the strings '\%' and '\_', not '%' and '_'.
In other escape sequences, backslashes are ignored. That is, escape characters are interpreted as if they were not escaped.
There are several ways to include quotes in a string:
· ''' quoted with ''' in a string can be written as ''''.
· The '"' quoted with '"' in a string can be written as '""'.
· You can add escape characters ('\') before quotation marks.
· ''' quoted with '"' within a string does not require special handling, no double-character or escaping. Likewise, '"' quoted with ''' within a string does not require special handling.
The following SELECT statement shows how quoting and escaping work:
mysql> SELECT 'hello', '"hello"', '""hello""', 'hel''lo', '\'hello';
+-------+---------+-----------+--------+--------+
| hello | "hello" | ""hello"" | hel'lo | 'hello |
+-------+---------+-----------+--------+--------+
mysql> SELECT "hello", "'hello'", "''hello''", "hel""lo", "\"hello";
+-------+---------+-----------+--------+--------+
| hello | 'hello' | ''hello'' | hel"lo | "hello |
+-------+---------+-----------+--------+--------+
mysql> SELECT 'This\nIs\nFour\nLines';
+--------------------+
| This
Is
Four
Lines |
+--------------------+
mysql> SELECT 'disappearing\ backslash';
+------------------------+
| disappearing backslash |
+------------------------+
If you want to insert binary data (eg BLOB) inside a string column, the following characters must be represented by escape sequences:
| BAD |
NUL bytes (ASCII 0) . This character is represented by ' \0' (a backslash followed by an ASCII '0' character). |
| \ |
Backslash (ASCII 92). Use '\\' to represent this character. |
| ' |
Single quotes (ASCII 39). Use '\'' to represent this character. |
| " |
Double quotes (ASCII 34) . Use '\"' to represent this character. |
When writing applications, strings containing these special characters must be properly escaped before they are used in data values in SQL statements sent to the MySQL server. It can be done in two ways:
· Process strings with functions that escape special characters. For example, in a C program, you can use the mysql_real_escape_string() C API function to escape characters. See Section 25.2.3.52, “mysql_real_escape_string()” . The Perl DBI interface provides a quote method to convert special characters to the correct escape sequences. See Section 25.4, “MySQL Perl API” .
Explicitly escape special characters. Many MySQL APIs provide placeholder functionality that allows you to insert special tokens into query strings and then bind data values to them when you issue a query. In this case, the API cares about special characters in escaped values.