|
|
Posted by ZeldorBlat on 09/13/07 19:39
On Sep 13, 3:35 pm, Eddie <eddieandr...@gmail.com> wrote:
> I'm having difficulty getting data out of MS SQL Server via a PHP
> database call. When I look in the database, it crashes on the line
> where there is a single quote in the database. I've seen several
> articles about addslashes/stripslashes and str_replace for MS SQL.
> Had the data been put in the right way, there would be no problem.
> Or, if I had rights to use UPDATE/SET to modify all lines with single
> quotes, again there would be no problem. The problem is there is no
> way for me to change the data already stored in MS SQL. I can only
> read it, and IT won't let me change it. (Gotta love corporate
> America, but I digress). So now that the data is there, how can I
> retrieve it when it has a single quote in the data? Am I missing
> something? Please help.
>
> =====
> Query sample:
>
> $query1 = "SELECT * FROM table WHERE Name = '" .
> addslashes($name) ."' ";
> $result1 = db_query($query1, $DBLink) or die ('Error: Database
> error !');
> while ($row1 = db_fetch_assoc($result1)) {
> echo ( ($k++ == 0) ? (stripslashes($row1['WCUSNO'])) :
> ("," . stripslashes_mssql($row1['WCUSNO'])) );
> }
>
> =====
> Data sample (Name):
>
> John Doe
> John Q Public
> Tom's Bait Shop <---- This is where it dies, due to the
> apostrophe / single quote
>
> Thanks for your help.
>
> Eddie
MSSQL doesn't escape single quotes with a backslash. It escapes
single quotes with another single quote. So, instead of:
addslashes($name)
you want:
str_replace("'", "''", $name)
Navigation:
[Reply to this message]
|