How to run a PDO/ODBC/PHP query with a double quote in it?
When I run the following simple query inside Microsoft Access:
select * from movie where moviename = 'batman'
it works.
Also using double quotes around the string works:
select * from movie where moviename = "batman"
I have a website where a user can type in any select query, which PHP runs, returning the resulting records to the user. I use PDO/ODBC to connect to the Access database. If the user types in query 1 it works, but query 2 fails with:
[Microsoft][ODBC Microsoft Access Driver] Too few parameters. Expected 1. (SQLExecute[-3010] at ext\pdo_odbc\odbc_stmt.c:254)
The documentation says of the quote() function:
"Not all PDO drivers implement this method (notably PDO_ODBC). Consider using prepared statements instead."
But I can't use a prepared statement because I don't know what query the user will type in. They may use '...' around a string, or "...".
To reproduce you need an Access (.mdb/.accdb) database with at least one table called 'film' and a column 'titel'. Put some records in it, at least one 'batman'. Use the following test script:

```php
<?php
// Also using the older Access version of the database "film.mdb" didn't work
// Be sure to use the full/absolute pathname
$dbnamefile = "c:\\wamp\\www\\elearning2\\databases\\film.accdb";
$username = "";
$password = "";
$accessdriver = "{Microsoft Access Driver (*.mdb, *.accdb)}";
$dbdb = new PDO("odbc:Driver=$accessdriver;Dbq=$dbnamefile", $username, $password,
    array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));

// Testcases, comment out all but one
// Testcase 1: works
$sql = "select * from film where titel = 'batman'";
// Testcase 2: works
$sql = 'select * from film where titel = \'batman\'';
// Testcase 3: COUNT field incorrect: -3010 [Microsoft][ODBC Microsoft Access Driver] Too few parameters. Expected 1.
$sql = "select * from film where titel = \"batman\"";
// Testcase 4: COUNT field incorrect: -3010 [Microsoft][ODBC Microsoft Access Driver] Too few parameters. Expected 1.
$sql = 'select * from film where titel = "batman"';
// Testcase 5: Syntax error (missing operator) in query expression 'titel = \[batman\]'
$sql = 'select * from film where titel = \"batman\"';
// Testcase 6: Syntax error (missing operator) in query expression 'titel = []batman[]'
$sql = 'select * from film where titel = ""batman""';

$result = $dbdb->query($sql);
$rows = $result->fetchAll(PDO::FETCH_ASSOC);
$result->closeCursor();
foreach ($rows as $row) {
    echo $row["titel"] . "\n";
    echo "<br>";
}
$dbdb = null;
```
How can I escape a user-given SQL query with PHP/PDO/ODBC/Access? Or is it not possible to use "..." as a string delimiter, despite it working in Access?
I find the error messages of testcases 5 and 6 odd. It looks like the double quote is changed into [ or ]??
I can't use bind parameters, prepared statements or rewrite the query, because the query is totally unknown, given by the user, and can contain syntax error(s). I can't modify the user query and want it executed by PDO/ODBC. How?
I use Apache 2.4.9 and PHP 5.5.12 running locally on a Windows 7 SP1 machine.
I posted an official PHP bug report.
Here's proof that queries 1 and 2 both work in Access:
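The echoed expressions in testcases 5 and 6 ('titel = \[batman\]' and 'titel = []batman[]') are consistent with the ODBC driver parsing double-quoted text as a delimited identifier rather than a string literal; that would also explain "Too few parameters. Expected 1." in testcases 3 and 4, since Access treats a column name it cannot resolve as a query parameter. One workaround that leaves the rest of the user's statement untouched is to rewrite double-quoted string literals into single-quoted ones before the statement reaches PDO. The following is an added example, not code from the original post; the function name and its handling of bracketed identifiers are assumptions. It only normalizes quoting: executing user-typed SQL is SQL injection by design, so at minimum point it at a read-only copy of the database.

```php
<?php
// Added example: convert Access-style "..." string literals to '...' so the
// ODBC driver sees them as strings, not identifiers. Assumed function name.
function normalize_access_string_literals(string $sql): string
{
    $out = '';
    $len = strlen($sql);
    $i = 0;

    while ($i < $len) {
        $ch = $sql[$i];

        if ($ch === "'") {
            // Single-quoted literal: copy verbatim, honouring '' as an escaped quote.
            $j = $i + 1;
            while ($j < $len) {
                if ($sql[$j] === "'") {
                    if ($j + 1 < $len && $sql[$j + 1] === "'") { $j += 2; continue; }
                    break;
                }
                $j++;
            }
            $end = min($j + 1, $len);          // past the closing quote, or end of input
            $out .= substr($sql, $i, $end - $i);
            $i = $end;
            continue;
        }

        if ($ch === '[') {
            // Bracketed identifier ([my table]): copy verbatim up to the closing bracket.
            $j = strpos($sql, ']', $i + 1);
            $end = ($j === false) ? $len : $j + 1;
            $out .= substr($sql, $i, $end - $i);
            $i = $end;
            continue;
        }

        if ($ch === '"') {
            // Double-quoted literal: collect contents, turning "" back into a single ".
            $content = '';
            $closed = false;
            $j = $i + 1;
            while ($j < $len) {
                if ($sql[$j] === '"') {
                    if ($j + 1 < $len && $sql[$j + 1] === '"') { $content .= '"'; $j += 2; continue; }
                    $closed = true;
                    $j++;
                    break;
                }
                $content .= $sql[$j];
                $j++;
            }
            if (!$closed) {
                // Unterminated literal: pass the tail through so the driver reports the syntax error.
                $out .= substr($sql, $i);
                break;
            }
            // Re-emit as a single-quoted literal; embedded ' must be doubled.
            $out .= "'" . str_replace("'", "''", $content) . "'";
            $i = $j;
            continue;
        }

        $out .= $ch;
        $i++;
    }
    return $out;
}

// Constructed sample inputs covering the cases from the testcases above.
$cases = [
    'select * from film where titel = "batman"',
    'select * from film where titel = "it\'s a ""quoted"" title"',
    "select * from film where titel = 'batman' and [year] > 1990",
];
foreach ($cases as $sql) {
    echo normalize_access_string_literals($sql), "\n";
}
```

In the test script this slots in as `$result = $dbdb->query(normalize_access_string_literals($sql));`. The first sample becomes `titel = 'batman'`, the second `titel = 'it''s a "quoted" title'`, and the third is returned unchanged because it contains no double-quoted literal. Single-quoted literals and bracketed identifiers are copied through untouched, so a `"` inside them is never rewritten.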