Subject | Re: [firebird-support] Possible to disable or change SQL statement comment syntax? |
---|---|
Author | Milan Babuskov |
Post date | 2005-06-14T16:17:37Z |
Kevin Hamilton wrote:
> Using Firebird with PHP, I recently ran into a problem which I know was
> programmer error...instead of escaping the quotes in a string with a
> quote, it was escaped with a backslash. Unfortunately, the problem was
> further compounded by a -- following the improperly escaped quote.
>
> So a SQL statement that should have been something like:
> UPDATE mytable set fieldname='system error: ''--cannot process
> command''' where id=1
>
> Became:
> UPDATE mytable set fieldname='system error: \'--cannot process
> command\'' where id=1
This is PHP specific. If you wrote it in your code, you should check if you
quoted the string correctly:
$sql = 'UPDATE mytable set fieldname=\'system error: \'\'--cannot process
command\'\'\' where id = 1';
or
$sql = "UPDATE mytable set fieldname='system error: ''--cannot process
command''' where id = 1";
If you got the statement by submitting the form, then probably PHP did the
conversion of ' to \'. This is controlled by the magic_quotes_sybase setting in
the php.ini file.
Please join the firebird-php mailing list to get better help with PHP-specific
problems.
--
Milan Babuskov
http://fbexport.sourceforge.net
http://www.flamerobin.org
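
Added example (not part of the original post and not Milan Babuskov's code): a small PHP scanner that applies the SQL-standard literal rules this thread turns on, to show where each version of the statement stops being a string. The helper names sql_quote and split_at_comment are hypothetical, and the input value is constructed from the statement quoted above.

```php
<?php
// Added example, not from the thread. Assumes SQL-standard lexing: inside
// '...' only '' escapes a quote, backslash is literal, -- starts a comment.

/** Quote a value as a SQL string literal by doubling embedded quotes. */
function sql_quote(string $value): string
{
    return "'" . str_replace("'", "''", $value) . "'";
}

/** Return the text before the first -- comment and the text it swallows. */
function split_at_comment(string $sql): array
{
    $inString = false;
    $len = strlen($sql);
    for ($i = 0; $i < $len; $i++) {
        $c = $sql[$i];
        $next = $i + 1 < $len ? $sql[$i + 1] : '';
        if ($inString) {
            if ($c === "'" && $next === "'") {
                $i++;               // '' is an escaped quote: stay in the literal
            } elseif ($c === "'") {
                $inString = false;  // lone quote closes the literal
            }
        } elseif ($c === "'") {
            $inString = true;
        } elseif ($c === '-' && $next === '-') {
            $eol = strpos($sql, "\n", $i);
            $end = $eol === false ? $len : $eol;
            return ['sql' => rtrim(substr($sql, 0, $i)),
                    'comment' => substr($sql, $i, $end - $i)];
        }
    }
    return ['sql' => $sql, 'comment' => null];
}

// Constructed sample value, matching the statement quoted in the thread.
$value = "system error: '--cannot process command'";
$bad  = "UPDATE mytable SET fieldname='" . addslashes($value) . "' WHERE id=1";
$good = "UPDATE mytable SET fieldname=" . sql_quote($value) . " WHERE id=1";

foreach (['backslash' => $bad, 'doubled' => $good] as $label => $stmt) {
    $r = split_at_comment($stmt);
    printf("%-9s parsed:  %s\n", $label, $r['sql']);
    printf("%-9s comment: %s\n", '', $r['comment'] ?? '(none)');
}
```

In the backslash case the literal closes at \' and the comment swallows the WHERE clause, so what remains is an UPDATE with no row filter. Bound parameters avoid the quoting step altogether.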