Posted by nick.bonadies on 04/11/07 18:20

On Apr 11, 10:45 am, Toby A Inkster <usenet200...@tobyinkster.co.uk>
wrote:
> nick.bonadies wrote:
> > I'm trying to deal with user inputs of single quotes into form fields
> > that get input into a MSSQL database. So far I have discovered that
> > if I turn on magic_quotes_sybase in my php.ini file PHP will correctly
> > escape the single quotes.
>
> Argh! Don't do that!
>
> Just use str_replace("'", "''", $data) on data before you send it to the
> database and don't do anything on the returned data.
>
> --
> Toby A Inkster BSc (Hons) ARCS
> Contact Me ~http://tobyinkster.co.uk/contact
> Geek of ~ HTML/SQL/Perl/PHP/Python*/Apache/Linux
>
> * = I'm getting there!

Hmm actually, one problem, it works for inputting data but when i get
data back i still get a double single quote, so again my view still
looks like O''Brien, instead of O'Brien. should i just run
str_replace(); on the view? or is there an easier solution?

• Next in forum: Re: Date subtraction
• Prev in forum: Re: Single quotes in MSSQL
• Thread view: Re: Single quotes in MSSQL

[Reply to this message]