escaping quotes from a string for database insertion
Posted: Tue Nov 18, 2003 2:12 pm
Does anyone know how to escape quotes from a string for insertion into a database?
Let's say there is a field called 'title' in which the user types the following:
Bob's "fantastic" title
or something to that effect. I want to be able to save that in a database (microsoft server). I know that I need to escape all the single and double quotes before I can insert it.
I have tried the following:
$report_title=addslashes($_SESSION['rptTitle']);
//this only escaped the single quote
so i tried eregi_replace, but wasn't sure how to make it work properly in this instance.
$noquotes=eregi_replace("\"","\\"",$report_title);
//i know that is wrong, but i want to prepend all quotes with an escape. Any thoughts?
Thanks
[EDIT]
Not solved yet, but I just remembered I have to use 2 single quotes to escape a single qoute in msServer
[/EDIT]
Let's say there is a field called 'title' in which the user types the following:
Bob's "fantastic" title
or something to that effect. I want to be able to save that in a database (microsoft server). I know that I need to escape all the single and double quotes before I can insert it.
I have tried the following:
$report_title=addslashes($_SESSION['rptTitle']);
//this only escaped the single quote
so i tried eregi_replace, but wasn't sure how to make it work properly in this instance.
$noquotes=eregi_replace("\"","\\"",$report_title);
//i know that is wrong, but i want to prepend all quotes with an escape. Any thoughts?
Thanks
[EDIT]
Not solved yet, but I just remembered I have to use 2 single quotes to escape a single qoute in msServer
[/EDIT]