Code: Select all
function mssql_escape_string($string_to_escape) //Cleans URL variables for MSSQL use
{
$replaced_string = str_replace("'","''",$string_to_escape);
return $replaced_string;
}Code: Select all
//Open and sanitize file
$fp = fopen($filename, 'r');
$content = fread($fp, filesize($filename));
$content = mssql_escape_string($content);Code: Select all
//Form query
$query = "INSERT INTO Images(Filecontent, AlternateText, ReleaseID) VALUES('$content', '$filetitle', '$releaseid')";
mssql_query($query);Code: Select all
Warning: mssql_query(): message: Unclosed quotation mark after the character string 'ÿØÿà'. (severity 15) in D:\Inetpub\wwwroot\managepressreleases\functions.php on line 413 Warning: mssql_query(): message: Incorrect syntax near 'ÿØÿà'. (severity 15) in D:\Inetpub\wwwroot\managepressreleases\functions.php on line 413 Warning: mssql_query(): Query failed in D:\Inetpub\wwwroot\managepressreleases\functions.php on line 413*EDIT*
And please don't suggest saving the file in another location instead of inserting into a database, I have my reasons for doing this. Thank you.