escaping quotes from a string for database insertion

conundrum
Forum Newbie
Posts: 15
Joined: Sun Jun 29, 2003 12:18 pm
Location: Ontario, Canada

Post by conundrum »

Does anyone know how to escape quotes from a string for insertion into a database?

Let's say there is a field called 'title' in which the user types the following:

Bob's "fantastic" title

or something to that effect. I want to be able to save that in a database (Microsoft server). I know that I need to escape all the single and double quotes before I can insert it.

I have tried the following:
$report_title=addslashes($_SESSION['rptTitle']);
//this only escaped the single quote

So I tried eregi_replace, but wasn't sure how to make it work properly in this instance.
$noquotes=eregi_replace("\"","\\"",$report_title);
// I know that is wrong, but I want to prepend all quotes with an escape. Any thoughts?

Thanks

[EDIT]
Not solved yet, but I just remembered I have to use 2 single quotes to escape a single quote in msServer
[/EDIT]
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK

Post by JayBird »

From manual wrote: string addslashes ( string str)

Returns a string with backslashes before characters that need to be quoted in database queries etc. These characters are single quote ('), double quote ("), backslash (\) and NUL (the NULL byte).

Add slashes DOES work
McGruff
DevNet Master
Posts: 2893
Joined: Thu Jan 30, 2003 8:26 pm
Location: Glasgow, Scotland

Post by McGruff »

Also mysql_escape_string().
hedge
Forum Contributor
Posts: 234
Joined: Fri Aug 30, 2002 10:19 am
Location: Calgary, AB, Canada

Post by hedge »

I don't think that SQLServer will understand the \ escaping. You will probably only need to escape single quotes by doubling them up. Double quotes are not usually an issue.
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

True.
conundrum
Forum Newbie
Posts: 15
Joined: Sun Jun 29, 2003 12:18 pm
Location: Ontario, Canada

Post by conundrum »

Bech100 wrote:
From manual wrote: string addslashes ( string str)

Returns a string with backslashes before characters that need to be quoted in database queries etc. These characters are single quote ('), double quote ("), backslash (\) and NUL (the NULL byte).

Add slashes DOES work

I figured it should too, but for some reason it is not. Does anyone know if a string containing a combination of single and double quotes will only addslashes to one but not the other? This is what appears to be happening in my case.

However, I did edit my original post immediately and said that I figured slashes wouldn't do it anyway.

Escape quotes by prepending a single quote to the front of each for msServer to be happy.

Any thoughts?
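
The three approaches discussed in this thread, run against the sample title from the question, as an added example that is not code from any poster. Assumption: an in-memory SQLite database (PDO) stands in for SQL Server so the script runs offline; both follow the standard SQL rule that a single quote inside a string literal is written as two single quotes. The table name `reports` is made up for the example.

```php
<?php
// Added example, not code from the thread. Assumption: in-memory SQLite
// stands in for SQL Server; both treat '' as an escaped ' and give the
// backslash no special meaning inside a string literal.
$title = 'Bob\'s "fantastic" title';        // sample input from the question

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE reports (id INTEGER PRIMARY KEY, title TEXT)');

// 1) addslashes(): backslash escaping is MySQL-style, not standard SQL.
$slashed = addslashes($title);              // Bob\'s \"fantastic\" title
try {
    $db->exec("INSERT INTO reports (title) VALUES ('$slashed')");
    echo "addslashes: inserted\n";
} catch (PDOException $e) {
    // The \ is an ordinary character, so the ' after it still ends the literal.
    echo "addslashes: rejected (" . $e->getMessage() . ")\n";
}

// 2) Doubling single quotes gives a valid literal; " needs no escaping.
$doubled = str_replace("'", "''", $title);  // Bob''s "fantastic" title
$db->exec("INSERT INTO reports (title) VALUES ('$doubled')");

// 3) Bound parameter: the value is never spliced into the SQL text,
//    so no escaping function is involved at all.
$stmt = $db->prepare('INSERT INTO reports (title) VALUES (:title)');
$stmt->execute([':title' => $title]);

// Both stored rows should hold the title exactly as the user typed it.
foreach ($db->query('SELECT id, title FROM reports') as $row) {
    printf("%d: %s [%s]\n", $row['id'], $row['title'],
           $row['title'] === $title ? 'round-trips' : 'altered');
}
```

Against SQL Server the `prepare()`/`execute()` calls stay the same; only the DSN changes to the pdo_sqlsrv form, e.g. `sqlsrv:Server=<host>;Database=<name>` with placeholder values.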