Hi all,
I want to escape backslashes in the below query - DB is MS SQL Server so addslashes() no use.
The problem is here… 'O\\\‘Co’,
MS SQL Server won’t accept it.
INSERT INTO training(class_ID, ffnumber, firstname, surname, attended, passed, date_reg) VALUES('7026', 'ff18728', 'Ann', 'O\\\\\\'Co', 'No', 'No', {fn NOW()}) ESCAPE '\\'
Any ideas?
Thanks.
insert into surnames values ( 'O''Brien' )
note that this is the standard sql way of escaping single quotes – and mysql supports it too (that backslash crap is mysql proprietary)
Added the extra quote but 3 backslashes are then inserted into SQL SERVER table.
The first time the value is passed in a form it is set to…
O\'Co
Then once its passed again its set to O\\\'Co
and the query becomes…
$query = "INSERT INTO training(class_ID, ffnumber, firstname, surname, attended, passed, date_reg) ".
"VALUES('$class', '$ffnumber', '$firstname', '$surname', 'No', 'No', {fn NOW()})";
echoes out…
INSERT INTO training(class_ID, ffnumber, firstname, surname, attended, passed, date_reg) VALUES(‘7026’, ‘ff18728’, ‘Ann’, 'O\\\‘Co’, ‘No’, ‘No’, {fn NOW()})
i don’t see any backslashes in the example in post #2
$ffnumber = O\\\'Co
And in the query I am using $ffnumber as a value.
Is there a way of removing the backslashes and inserting the value like this…
O’Co
Thanks
Hi,
You should replace the ’ with ‘’ for escabing (')
like below
‘7026’, ‘ff18728’, ‘Ann’, ‘O’‘Co’, ‘No’, ‘No’, {fn NOW()}
And for replacing a character use replace as below
select replace(@str,‘\’,‘’)
there’s your problem – don’t do that
Also, make sure to turn off Magic Quotes GPC. Probably the most horrible feature of PHP. Well maybe Register Globals is.
Thanks. This helps anyway…
$surname = stripslashes($surname);
$surname = str_replace("'", "''", $surname);
$surname = stripslashes($surname);
Until you have input with legitimite slashes . . .
how you mean?
Lets say the input is ‘c:\folder\file.ext’
StripSlashes() would reduce that to ‘c:folderfile.ext’
Get it now?