Menu
Community /Pin to ProfileBookmark
@NogDogMay 20.2009 — #MSSQL "escapes" single quotes by doubling them up. Thus magic_quotes_gpc will not help (and in general should be disabled anyway as [a] it's a pain in the butt and [b] will be deprecated and then removed in future releases).
My first recommendation would be to use the PDO extension with prepared statements, but if you need to stick with the mssql extension, you could use something like:
Then use that function to escape any inputs being used in your queries.
Error with Single Quotes when inserting to DB
i got an error when inserting textarea values that contains single quotes to my database.
i used the following to avoid it and still getting errors.
[code=php]
if (!get_magic_quotes_gpc()) {
$s_body = addslashes($_POST[‘body’]);
} else {
$s_body = $_POST[‘body’];
}
even though my get_magic_quotes_gpc() is set to 1 (ON)
Thanks
M
Sign in
to post a comment4 Comments(s) ↴
0
@NogDogMay 20.2009 — #MSSQL "escapes" single quotes by doubling them up. Thus magic_quotes_gpc will not help (and in general should be disabled anyway as [a] it's a pain in the butt and [b] will be deprecated and then removed in future releases).My first recommendation would be to use the PDO extension with prepared statements, but if you need to stick with the mssql extension, you could use something like:
[code=php]
function mssqlEscape($string)
{
if(get_magic_quotes_gpc())
{
$string = stripslashes($string);
}
$search = array("'", "�");
$replace = array("''", "[NULL]");
return str_replace($search, $replace, $string);
}
[/code]Then use that function to escape any inputs being used in your queries.