DB_common::quoteIdentifier() – Formats a string so it can be safely used as an identifier


string quoteIdentifier ( string $str )


Format input so it can be safely used as a delimited identifier in a query. Identifiers are objects such as table or column names.

The format returned depends on the database type being used.

Delimited identifiers are known to generally work correctly under the following drivers:

  • mssql
  • mysql
  • mysqli
  • oci8
  • odbc(access)
  • odbc(db2)
  • pgsql
  • sqlite
  • sybase

InterBase doesn't seem to be able to use delimited identifiers via PHP 4. They work fine under PHP 5.


string $str

the input to be quoted

Return value

string - the formatted string


This function can not be called statically.

Function available since: Release 1.6.0

Just because you CAN use delimited identifiers doesn't mean you SHOULD use them. In general, they end up causing way more problems than they solve.

Portability is broken by using the following characters inside delimited identifiers:

  • backtick (`) -- due to MySQL
  • double quote (") -- due to Oracle
  • brackets ([ or ]) -- due to Access


Using quoteIdentifier()

// Once you have a valid DB object named $db...
$sql 'SELECT ' $db->quoteIdentifier('company name')
', address FROM clients';

$res =& $db->query($sql);
DEPRECATED: Quotes a string (Previous) Formats input so it can be safely used as a literal (Next)
Last updated: Sat, 16 Feb 2019 — Download Documentation
Do you think that something on this page is wrong? Please file a bug report.
View this page in:
  • English

User Notes:

There are no user contributed notes for this page.