Posted by Jerry Stuckle on 05/14/07 22:55
Johny Begood wrote:
> "Jerry Stuckle" <jstucklex@attglobal.net> wrote in message
> news:QridnSK9BY1wUtrbnZ2dnUVZ_jednZ2d@comcast.com...
>> Johnny BeGood wrote:
>>> "Michael Fesser" <netizen@gmx.de> wrote in message
>>> news:620e43h7j285ii1h6glq2ak8lnoj5gs273@4ax.com...
>>>> // query string with 2 placeholders
>>>> $query = 'INSERT INTO Tasks (TaskType, Details) VALUES (?, ?)'; - this
>>>> throws a field count error, silly me?
>>>>
>>>> // prepare the statement
>>>> $stmt = odbc_prepare($odbc, $query);
>>>>
>>>> // pass all parameters in an array and execute the statement
>>>> if (!odbc_execute($stmt, array($tasktype, $taskdetails))) {
>>>> ...
>>>> }
>>>>
>>>> HTH
>>>> Micha
>> > Hi Micha,
>> >
>> > If I enter didn''t it works, if I enter didn't it comes back with the
>> > same error as before
>> > [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing
>> > operator) in query expression ''didn't',
>> >
>> > This is what I have
>> > $query = 'INSERT INTO Tasks (TaskType, Details) VALUES ($tasktype,
>> > $taskdetails)';
>> > $stmt = odbc_prepare($odbc, $query);
>> > if (!odbc_execute($stmt, array($tasktype, $taskdetails)))
>> > {
>> > echo odbc_errormsg();
>> > }
>> >
>> > Where am I going wrong (:
>> >
>> > Cheers
>> >
>>
>> (Top posting fixed)
>>
>> The single quote is defined by SQL as the separator (enclosing
>> character) for string values. The string you're trying to insert, by
>> the time it gets to SQL, would be:
>>
>> 'It didn't work'
>>
>> Note the mismatched single quotes. Some languages, like C and PHP,
>> escape special characters like this with a backslash, i.e.
>>
>> 'It didn\'t work'.
>>
>> SQL does it a little differently - you double the apostrophe, so it
>> comes out as:
>>
>> 'It didn''t work'
>>
>> And this does work just fine.
>>
>> P.S. Please don't top post. Thanks.
>>
>> --
>> ==================
>> Remove the "x" from my email address
>> Jerry Stuckle
>> JDS Computer Training Corp.
>> jstucklex@attglobal.net
>> ==================
>
>
> Hi Jerry,
>
> Thanks for that, how do I get it that the user doesn't have to do
> anything other than type in the word?
> How can I escape special characters at data entry, the site users will
> be typical users, they won't care!
>
> Cheers
>
> PS what is top posting? I've been slapped a few times for this, but
> don't fully understand
>
>
(Top posting fixed)

As others have indicated, you can use prepared statements with
parameters, or you can modify the string just before you insert it into
the database, replacing "'" with "''".

And top posting is placing your response at the top of the message,
instead of the bottom (like this), or (as is usually the case with
longer messages), at appropriate places within the previous message.

A. Because it upsets the flow of the discussion.
Q. Why is it so bad?
A. Top posting.
Q. What is the most annoying thing on usenet?

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
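
The two options named in the reply above, side by side with the failing concatenated query, as an added example that is not code from the thread. It assumes PDO with an in-memory SQLite database in place of the thread's ODBC/Access connection so it runs without a DSN; `sql_literal` is a hypothetical helper name and the input values are constructed.

```php
<?php
// Added example. Assumption: PDO with in-memory SQLite stands in for the
// thread's ODBC/Access connection so the script runs without a DSN.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Tasks (TaskType TEXT, Details TEXT)');

// Constructed sample input, exactly as a site user would type it.
$tasktype    = 'Bug';
$taskdetails = "It didn't work";

// 1. Value pasted into the SQL text: the apostrophe ends the string
//    literal early and the statement is rejected with a syntax error.
try {
    $pdo->exec("INSERT INTO Tasks (TaskType, Details)
                VALUES ('$tasktype', '$taskdetails')");
    echo "concatenated: inserted\n";
} catch (PDOException $e) {
    echo "concatenated: rejected (", $e->getMessage(), ")\n";
}

// 2. Manual escaping as described in the thread: double each apostrophe
//    just before the value goes into the SQL text.
function sql_literal(string $value): string
{
    return "'" . str_replace("'", "''", $value) . "'";
}
$pdo->exec('INSERT INTO Tasks (TaskType, Details) VALUES ('
    . sql_literal($tasktype) . ', ' . sql_literal($taskdetails) . ')');

// 3. Prepared statement: the SQL text holds only ? placeholders and the
//    values are passed separately, so nothing needs escaping.
$stmt = $pdo->prepare('INSERT INTO Tasks (TaskType, Details) VALUES (?, ?)');
$stmt->execute([$tasktype, $taskdetails]);

// Both successful inserts stored the text exactly as it was typed.
foreach ($pdo->query('SELECT Details FROM Tasks') as $row) {
    echo "stored: ", $row['Details'], "\n";
}
```

With manual escaping, every value that reaches the SQL text has to pass through the helper; with placeholders there is no SQL text for the value to break out of.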