Does anyone know how to escape quotes from a string for insertion into a database?
Let's say there is a field called 'title' in which the user types the following:
Bob's "fantastic" title
or something to that effect. I want to be able to save that in a database (Microsoft server). I know that I need to escape all the single and double quotes before I can insert it.
I have tried the following:
$report_title=addslashes($_SESSION['rptTitle']);
//this only escaped the single quote
So I tried eregi_replace, but wasn't sure how to make it work properly in this instance.
$noquotes=eregi_replace("\"","\\"",$report_title);
//I know that is wrong, but I want to prepend all quotes with an escape. Any thoughts?
Thanks
[EDIT]
Not solved yet, but I just remembered I have to use 2 single quotes to escape a single quote in msServer
[/EDIT]
escaping quotes from a string for database insertion
I figured it should too, but for some reason it is not. Does anyone know if a string containing a combination of single and double quotes will only addslashes to one but not the other? This is what appears to be happening in my case.
Bech100 wrote: Add slashes DOES work
From manual wrote: string addslashes ( string str)
Returns a string with backslashes before characters that need to be quoted in database queries etc. These characters are single quote ('), double quote ("), backslash (\) and NUL (the NULL byte).
However, I did edit my original post immediately and said that I figured slashes wouldn't do it anyway.
escape quotes by prepending a single quote to the front of each for msServer to be happy.
Any thoughts?
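
Added example (not part of the original thread, and not code from any poster): the title from the first post stored three ways, to show why addslashes() output breaks a dialect that escapes ' as '', how doubling the quote behaves, and how a bound parameter avoids escaping altogether. Assumptions: an in-memory SQLite database stands in for the Microsoft server so the script runs offline, and the table name `reports` and helper `sql_quote_literal()` are hypothetical.

```php
<?php
// Added example. SQLite in-memory is a stand-in (assumption) for SQL Server:
// both follow the standard SQL rule that ' inside a string literal is written ''.
$title = 'Bob\'s "fantastic" title';   // sample input taken from the post

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE reports (id INTEGER PRIMARY KEY, title TEXT)');

// 1) addslashes(): backslash is not an escape character in this dialect,
//    so the quote after "Bob\" still ends the literal and the statement breaks.
$bad = "INSERT INTO reports (title) VALUES ('" . addslashes($title) . "')";
try {
    $db->exec($bad);
    echo "addslashes: inserted\n";
} catch (PDOException $e) {
    echo "addslashes: query failed -> ", $e->getMessage(), "\n";
}

// 2) Doubling single quotes (hypothetical helper). Double quotes need no
//    escaping inside a single-quoted literal.
function sql_quote_literal(string $s): string
{
    return "'" . str_replace("'", "''", $s) . "'";
}
$db->exec('INSERT INTO reports (title) VALUES (' . sql_quote_literal($title) . ')');

// 3) Bound parameter: the value travels separately from the SQL text,
//    so no quote handling is needed and the input cannot alter the statement.
$stmt = $db->prepare('INSERT INTO reports (title) VALUES (?)');
$stmt->execute([$title]);

// Read back and check that what was stored equals what the user typed.
foreach ($db->query('SELECT id, title FROM reports ORDER BY id') as $row) {
    printf(
        "row %d: %s (%s)\n",
        $row['id'],
        $row['title'],
        $row['title'] === $title ? 'round-trips' : 'altered'
    );
}
```

Against a real SQL Server only the PDO connection line changes; the prepare()/execute() calls in step 3 stay the same.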