Quotes problem

dude81
Forum Regular
Posts: 509
Joined: Mon Aug 29, 2005 6:26 am
Location: Pearls City

Post by dude81 »

Hello,
I use an Oracle database as my main database.

The problem here is that we cannot insert any data with single quotes, double quotes, or similar special characters.

I have checked the Oracle website:
http://www.oracle.com/technology/tech/ ... insquotes

The problem is that I have a lot of forms with thousands of variables on the website, so I can't use stripslashes or addslashes as a solution.
None of the solutions mentioned in the above URL was implemented.

Of them all, only the first solution looks better, but there are still hundreds of forms that would have to be altered and some thousands of variables
that would have to be edited.

Is there any other solution?
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

As it suggests for number 1:
Use bind variables. This also protects against "SQL Injection" security issues:

Code:

$name = "O'Reilly";
$stmt = 'INSERT INTO CUSTOMERS (NAME) VALUES (:nm)';
$stid = OCIParse($mycon, $stmt);
OCIBindByName($stid, ':nm', $name, -1);
OCIExecute($stid);
http://us3.php.net/manual/en/function.o ... y-name.php
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

...assuming the application is Oracle-specific (which one would assume). If you need multiple database support (hopefully not with Oracle involved), look into ADOdb. It should automate this level of escaping using bind parameters in its own emulated fashion.
dude81
Forum Regular
Posts: 509
Joined: Mon Aug 29, 2005 6:26 am
Location: Pearls City

Post by dude81 »

Code:

as it suggests for number 1:

Can I use a procedure instead of a simple query? If so, how should the variables be written to a procedure?
I tried the way it was shown in the Oracle FAQs, but it didn't work.
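
Added example, not part of any post in this thread: one way to apply the bind-variable advice above to many forms without editing each variable by hand, and to bind a value into a stored-procedure call. It uses the current oci_* names for the OCIParse/OCIBindByName/OCIExecute calls shown earlier; the table and column names, the add_customer procedure and the ORA_* environment variables are assumptions.

```php
<?php
// Added example. CUSTOMERS, NAME, CITY, add_customer and ORA_* are hypothetical names.
// Build an INSERT whose columns come from a trusted field => column map;
// only the values come from the submitted form, each behind a placeholder.
function build_insert(string $table, array $fieldToColumn, array $form): array
{
    $cols = $binds = [];
    foreach ($fieldToColumn as $field => $column) {
        if (isset($form[$field]) && is_scalar($form[$field])) {
            $cols[] = $column;
            // Generated names (:b0, :b1, ...) cannot collide with Oracle reserved words.
            $binds[':b' . count($binds)] = (string) $form[$field];
        }
    }
    if ($binds === []) {
        throw new InvalidArgumentException('no known form fields supplied');
    }
    $sql = sprintf('INSERT INTO %s (%s) VALUES (%s)',
        $table, implode(', ', $cols), implode(', ', array_keys($binds)));
    return [$sql, $binds];
}

// Parse, bind and execute one SQL statement or PL/SQL block.
function run_bound($conn, string $sql, array $binds): void
{
    $stid = oci_parse($conn, $sql);
    if ($stid === false) {
        throw new RuntimeException(oci_error($conn)['message']);
    }
    foreach (array_keys($binds) as $ph) {
        // oci_bind_by_name() keeps a reference to the variable, so bind the array
        // element itself rather than a loop variable that changes each iteration.
        oci_bind_by_name($stid, $ph, $binds[$ph], -1);
    }
    if (!oci_execute($stid)) {
        throw new RuntimeException(oci_error($stid)['message']);
    }
}

// Constructed sample input standing in for $_POST; 'extra' is not mapped, so it is dropped.
$form = ['name' => "O'Reilly", 'city' => 'Say "hi"', 'extra' => 'x'];
[$sql, $binds] = build_insert('CUSTOMERS', ['name' => 'NAME', 'city' => 'CITY'], $form);
echo $sql, PHP_EOL;

if (function_exists('oci_connect') && getenv('ORA_DSN')) { // runs only with OCI8 and a database
    $conn = oci_connect(getenv('ORA_USER'), getenv('ORA_PASS'), getenv('ORA_DSN'));
    if ($conn === false) { throw new RuntimeException(oci_error()['message']); }
    run_bound($conn, $sql, $binds);
    run_bound($conn, 'BEGIN add_customer(:nm); END;', [':nm' => $form['name']]);
}
```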