I’ve written a program for my company which retrieves an email from a mailbox, inserts the content into an MSSQL table, then deletes the email.
In MSSQL you need to escape the ' character by using another ' character. I have therefore used the following code to make the content db safe:
$emailContent = str_replace("'", "''", $emailContent);
This normally avoids any insertion errors. However, after receiving a large HTML encoded email I received the following error message:
PHP Warning: mssql_query(): message: Unclosed quotation mark after the character string 'View online version: <[Redirect Error](http://click.news.spiceworks.com/?qs)'. (severity 15)
Unfortunately the email was deleted before I got a chance to examine it properly. Would anyone be able to tell me some extra measures I could take to make the content db safe?
Many thanks
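An added example, not part of the original post: passing the email body as a bound parameter instead of building the SQL string by hand, and deleting the message only after the insert succeeds. It assumes PDO is available; the table, column and function names are hypothetical, and an in-memory SQLite database stands in for SQL Server so the script runs offline (for MSSQL the DSN would start with `sqlsrv:` or `dblib:`).

```php
<?php
// Added example (not the poster's code). Assumptions: PDO is installed; the
// inbound_email table and storeEmail() are hypothetical names; SQLite in
// memory stands in for SQL Server so this runs without a server.

function storeEmail(PDO $db, string $subject, string $body): bool
{
    try {
        // Placeholders keep the message text out of the SQL statement, so
        // quotes, angle brackets and semicolons in the body are plain data.
        $stmt = $db->prepare(
            'INSERT INTO inbound_email (subject, body) VALUES (:subject, :body)'
        );
        $stmt->bindValue(':subject', $subject, PDO::PARAM_STR);
        $stmt->bindValue(':body', $body, PDO::PARAM_STR);
        return $stmt->execute();
    } catch (PDOException $e) {
        // Log the failure and report it so the caller keeps the message.
        error_log('insert failed: ' . $e->getMessage());
        return false;
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE inbound_email (id INTEGER PRIMARY KEY, subject TEXT, body TEXT)');

// Constructed sample messages, including unbalanced quotes and HTML.
$messages = [
    ['subject' => 'Plain text', 'body' => "It's a test with one ' too many"],
    ['subject' => 'HTML newsletter',
     'body' => "View online version: <a href='http://example.invalid/?qs=1'>link</a>; 'unterminated"],
];

foreach ($messages as $i => $m) {
    if (storeEmail($db, $m['subject'], $m['body'])) {
        echo "message $i stored; safe to delete from the mailbox\n";
    } else {
        echo "message $i not stored; leaving it in the mailbox for inspection\n";
    }
}

// Round trip: what comes back is byte-for-byte what went in.
$stored = $db->query('SELECT body FROM inbound_email ORDER BY id')
             ->fetchAll(PDO::FETCH_COLUMN);
var_dump($stored === array_column($messages, 'body'));
```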