Mssql Addslashes on login script
Posted: Tue Nov 09, 2004 8:36 am
Hi All,
Really need some help on that one:
I am running php + mssql + apache on windows xp.
Everyhting works fine apart from this..
I have users and password in mssql table.
Username or password can contain weird character as ' (single quote), ";" etc etc...
When trying to check if username is valid or not I am in trouble.
I tried to use the:
$newpostedusername=addslashes($_POST["username"]);
But this is not working in mssql
I also tried
$newpostedusername = str_replace("'", "''", $newpostedusername);
$newpostedusername = str_replace('"', "'+String.fromCharCode(34)+'", $newpostedusername);
but get an erro message as:
mssql_query(): message: Unclosed quotation mark before the character string 'USERNAME\'''. (severity 15) .
A current user name is sc' ..
How can i check this??
PLEASE HELP!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
stef
Really need some help on that one:
I am running php + mssql + apache on windows xp.
Everyhting works fine apart from this..
I have users and password in mssql table.
Username or password can contain weird character as ' (single quote), ";" etc etc...
When trying to check if username is valid or not I am in trouble.
I tried to use the:
$newpostedusername=addslashes($_POST["username"]);
But this is not working in mssql
I also tried
$newpostedusername = str_replace("'", "''", $newpostedusername);
$newpostedusername = str_replace('"', "'+String.fromCharCode(34)+'", $newpostedusername);
but get an erro message as:
mssql_query(): message: Unclosed quotation mark before the character string 'USERNAME\'''. (severity 15) .
A current user name is sc' ..
How can i check this??
PLEASE HELP!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
stef