I'm seeing some weirdness when I try to run a query using PDO. The following code shouldn't return results, but it does:
$safe_path = $this->_databaseConnection->quote($unsafe_path);
$sql = "SELECT * FROM routes WHERE path=$safe_path LIMIT 1";
$statement_handle = $this->_databaseConnection->query($sql);
var_dump($statement_handle->fetchAll());
I'm confused because there aren't single quotes around the $safe_path
variable as there would be if I were using the mysqli extension - but it's working. If I enclose $safe_path
in quotes, no results are returned. This seems strange to me.