Subject | Re: [firebird-php] Escaping strings |
---|---|
Author | Milan Babuskov |
Post date | 2004-02-12T14:49:14Z |
Lester Caine wrote:
> This really is a most annoying area - single quotes, double
> quotes, reverse quotes - and all can be mixed up. Wouldn't
> it be nice if a few of the higher characters that are not
> being used were reallocated for this purpose?
It's really an InterBase/Firebird problem, which PHP just tries to avoid.
To insert the value Shaquille O'Neal, you need to insert the quote. The INSERT
statement has to look like this:
insert into NBAplayers(name) values ('Shaquille O''Neal');
The double quote is needed since the single quote delimits the value.
The basic problem is that when you submit the value via an HTML form, all
quotes are automatically escaped by PHP. The default is a common
backslash escape \. I found that setting magic_quotes_sybase to OFF
gives more control over what's going on, since I don't use EVERY
variable to make an SQL statement. I just str_replace() on the final SQL
statement: every \' becomes ''
--
Milan Babuskov
http://fbexport.sourceforge.net
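
Added example (not part of the original post, and not code from the Firebird or PHP projects): the script below compares rewriting \' on the finished statement with doubling quotes per raw value and with a bound parameter. The helper names are hypothetical, the sample values are constructed, and an in-memory SQLite database stands in for Firebird as an assumption so the script runs offline; both treat '' inside a string literal as one quote and a backslash as an ordinary character.

```php
<?php
// Added example. Helper names are hypothetical; SQLite in-memory stands in
// for Firebird (assumption) so the comparison runs offline.

// Quote ONE raw value as an SQL string literal: double each single quote.
function sql_quote_literal(string $raw): string
{
    return "'" . str_replace("'", "''", $raw) . "'";
}

// Approach described in the post: the value arrives backslash-escaped
// (addslashes() is what magic quotes applied) and \' is rewritten to ''
// on the finished statement.
function statement_from_escaped(string $raw): string
{
    $sql = "insert into NBAplayers(name) values ('" . addslashes($raw) . "')";
    return str_replace("\\'", "''", $sql);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('create table NBAplayers(id integer primary key, name varchar(60))');
$bound = $db->prepare('insert into NBAplayers(name) values (?)');

// Constructed sample values: a quote, double quotes, backslashes.
$samples = ["Shaquille O'Neal", 'Earvin "Magic" Johnson', 'C:\\stats\\2004'];

foreach ($samples as $raw) {
    $db->exec('delete from NBAplayers');
    $db->exec(statement_from_escaped($raw));                        // id 1
    $db->exec('insert into NBAplayers(name) values ('
        . sql_quote_literal($raw) . ')');                           // id 2
    $bound->execute([$raw]);                                        // id 3

    // Read the three rows back and compare each with the raw value.
    $stored = $db->query('select name from NBAplayers order by id')
        ->fetchAll(PDO::FETCH_COLUMN);
    $verdict = array_map(
        fn ($s) => $s === $raw ? 'intact' : 'changed',
        $stored
    );
    printf("%-24s rewrite=%s per-value=%s bound=%s\n", $raw, ...$verdict);
}
```

Only the rewrite column reports changed values: the single quote survives, but the backslashes that escaping put in front of double quotes and backslashes remain in the stored data.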