Subject | RE: [ib-support] Insert String question: more detail |
---|---|
Author | Martijn Tonies |
Post date | 2002-04-24T13:50:22Z |
Hi,
Create a routine that replaces the single quote with two single quotes.
eg: Dave's Company --> Dave''s Company
Martijn Tonies
InterBase Workbench - the developer tool for InterBase and Firebird
http://www.interbaseworkbench.com
If a user enters into a form <input name="company" type='text'>
Company_name: Dave's Company
A single quote is used to show ownership.
The php variable $company is placed within an insert statement.
$sqlstring="Insert into Customers(customer_no,company_name)values
(gen_id(gen_customer_no,1),'$company');";
.execute($sqlstring)
This works fine as long as the user doesn't enter a single quote in
the Company name field. How can the user enter a single quote without
generating an error?
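
The routine from the reply, next to the original pattern and a bound parameter, as an added example that is not part of the original posts. It assumes PHP's PDO with an in-memory SQLite database standing in for InterBase; `quote_sql_literal` and `store` are hypothetical names.

```php
<?php
// Added example. SQLite in memory stands in for InterBase/Firebird (assumption),
// so customer_no is auto-assigned instead of coming from gen_id().
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Customers (customer_no INTEGER PRIMARY KEY, company_name VARCHAR(60))');

// Hypothetical helper implementing the routine from the reply:
// double every single quote, then wrap the value in single quotes.
function quote_sql_literal(string $value): string
{
    return "'" . str_replace("'", "''", $value) . "'";
}

// Insert one row using the given strategy and return what the database stored.
function store(PDO $db, string $how, string $company): string
{
    $db->exec('DELETE FROM Customers');
    try {
        if ($how === 'raw') {            // pattern from the question
            $db->exec("INSERT INTO Customers (company_name) VALUES ('$company')");
        } elseif ($how === 'doubled') {  // routine from the reply
            $db->exec('INSERT INTO Customers (company_name) VALUES (' . quote_sql_literal($company) . ')');
        } else {                         // bound parameter: the value never enters the SQL text
            $stmt = $db->prepare('INSERT INTO Customers (company_name) VALUES (?)');
            $stmt->execute([$company]);
        }
    } catch (PDOException $e) {
        return 'ERROR: ' . $e->getMessage();
    }
    return (string) $db->query('SELECT company_name FROM Customers')->fetchColumn();
}

// Constructed sample inputs, as typed into the form field "company".
$inputs = ["Dave's Company", "Rock ''n'' Roll Ltd"];
foreach ($inputs as $company) {
    foreach (['raw', 'doubled', 'bound'] as $how) {
        printf("%-8s %-22s => %s\n", $how, $company, store($db, $how, $company));
    }
}
```

With raw interpolation the first input fails with a syntax error and the second is stored with its doubled quotes collapsed, while the doubled and bound variants store both names exactly as entered. The bound variant needs no escaping routine at all, because the driver passes the value separately from the statement.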