Problem Getting MS SQL Data With Single Quotes

13/09/2007, 20h31

I'm having difficulty getting data out of MS SQL Server via a PHP
database call. When I look in the database, it crashes on the line
where there is a single quote in the database. I've seen several
articles about addslashes/stripslashes and str_replace for MS SQL.
Had the data been put in the right way, there would be no problem.
Or, if I had rights to use UPDATE/SET to modify all lines with single
quotes, again there would be no problem. The problem is there is no
way for me to change the data already stored in MS SQL. I can only
read it, and IT won't let me change it. (Gotta love corporate
America, but I digress). So now that the data is there, how can I
retrieve it when it has a single quote in the data? Am I missing
something? Please .

=====
Query sample:

$query1 = "SELECT * FROM table WHERE Name = '" .
addslashes($name) ."' ";
$result1 = db_query($query1, $DBLink) or die ('Error: Database
error !');
while ($row1 = db_fetch_assoc($result1)) {
echo ( ($k++ == 0) ? (stripslashes($row1['WCUSNO'])) :
("," . stripslashes_mssql($row1['WCUSNO'])) );
}

=====
Data sample (Name):

John Doe
John Q Public
Tom's Bait Shop <---- This is where it dies, due to the
apostrophe / single quote

Thanks for your .

Eddie

14/09/2007, 00h32

On Thu, 13 Sep 2007 19:31:39 -0000, Eddie wrote:

> $query1 = "SELECT * FROM table WHERE Name = '" .
>addslashes($name) ."' ";

For MSSQL, you want to escape ' by putting '' like so:

str_replace("'", "''", $name)
--
Ross McKay, Toronto, NSW Australia
"Let the laddie play wi the knife - he'll learn"
- The Wee Book of Calvin

13/09/2007, 20h31	#1
Eddie Messages: n/a Hébergeur:	Problem Getting MS SQL Data With Single Quotes I'm having difficulty getting data out of MS SQL Server via a PHP database call. When I look in the database, it crashes on the line where there is a single quote in the database. I've seen several articles about addslashes/stripslashes and str_replace for MS SQL. Had the data been put in the right way, there would be no problem. Or, if I had rights to use UPDATE/SET to modify all lines with single quotes, again there would be no problem. The problem is there is no way for me to change the data already stored in MS SQL. I can only read it, and IT won't let me change it. (Gotta love corporate America, but I digress). So now that the data is there, how can I retrieve it when it has a single quote in the data? Am I missing something? Please . ===== Query sample: $query1 = "SELECT * FROM table WHERE Name = '" . addslashes($name) ."' "; $result1 = db_query($query1, $DBLink) or die ('Error: Database error !'); while ($row1 = db_fetch_assoc($result1)) { echo ( ($k++ == 0) ? (stripslashes($row1['WCUSNO'])) : ("," . stripslashes_mssql($row1['WCUSNO'])) ); } ===== Data sample (Name): John Doe John Q Public Tom's Bait Shop <---- This is where it dies, due to the apostrophe / single quote Thanks for your . Eddie

14/09/2007, 00h32	#2
Ross McKay Messages: n/a Hébergeur:	Re: Problem Getting MS SQL Data With Single Quotes On Thu, 13 Sep 2007 19:31:39 -0000, Eddie wrote: > $query1 = "SELECT * FROM table WHERE Name = '" . >addslashes($name) ."' "; For MSSQL, you want to escape ' by putting '' like so: str_replace("'", "''", $name) -- Ross McKay, Toronto, NSW Australia "Let the laddie play wi the knife - he'll learn" - The Wee Book of Calvin

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email