
MSSQL Insertion problem....

Posted: Tue May 29, 2007 4:40 am
by ghadacr
Right folks,

The problem lies here: the insertion of data into the database works fine, but when I started to do some testing and entered a piece of data with ' in use, I got the following error message:
Warning: mssql_query() [function.mssql-query]: message: Line 1: Incorrect syntax near '1'.
If anyone has got some PHP code to solve this issue, it will be most welcome. Thanks in advance....

Posted: Tue May 29, 2007 6:48 am
by mentor
Use addslashes() on the data where you are expecting '.

Posted: Tue May 29, 2007 8:28 am
by feyd
Be aware that there are ways of bypassing addslashes()' escapement routines in some (maybe all) versions of PHP.

Posted: Tue May 29, 2007 8:42 am
by superdezign
Does mssql not have an escape_string function?

Posted: Tue May 29, 2007 8:43 am
by feyd
Not natively.

Posted: Tue May 29, 2007 10:48 am
by RobertGonzalez
There is little development on the mssql/sybase family of functions. I think PDO has an escape functionality for each RDBMS, but you would need to install the PDO extensions and have the PDO drivers installed before using it.

You could always write your own escape tool.
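
The three options raised in the thread so far, compared side by side in an added example that is not part of the original posts. It assumes the `pdo_sqlite` extension and uses an in-memory SQLite database as an offline stand-in for MSSQL, since both follow the standard SQL rule that a literal `'` is written `''` and a backslash is not an escape character; the table name and sample value are constructed, and against MSSQL you would connect through an MSSQL PDO driver (such as pdo_dblib or pdo_sqlsrv) instead.

```php
<?php
// Added example: SQLite in-memory stands in for MSSQL so this runs offline.
// Like T-SQL, SQLite escapes ' by doubling it ('') and ignores backslashes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)'); // hypothetical table

$name = "O'Brien"; // constructed sample input containing a single quote

// 1. addslashes() produces O\'Brien. The backslash means nothing to the
//    database, so the quote still ends the string literal and the
//    statement fails to parse, just like the unescaped input did.
try {
    $pdo->exec("INSERT INTO customers (name) VALUES ('" . addslashes($name) . "')");
    echo "addslashes: inserted\n";
} catch (PDOException $e) {
    echo "addslashes: query rejected: ", $e->getMessage(), "\n";
}

// 2. PDO::quote() applies the connected driver's own quoting rules
//    (here: wrap in quotes and double any embedded quote).
$quoted = $pdo->quote($name);
echo "PDO::quote gives: ", $quoted, "\n";
$pdo->exec("INSERT INTO customers (name) VALUES ($quoted)");

// 3. Bound parameter: the value is never spliced into the SQL text,
//    so no escaping decision is needed at all.
$stmt = $pdo->prepare('INSERT INTO customers (name) VALUES (:name)');
$stmt->execute([':name' => $name]);

// Rows from steps 2 and 3 are stored with the quote intact.
foreach ($pdo->query('SELECT id, name FROM customers') as $row) {
    echo $row['id'], ': ', $row['name'], "\n";
}
```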

Posted: Tue May 29, 2007 11:52 am
by mentor
feyd wrote: Be aware that there are ways of bypassing addslashes()' escapement routines in some (maybe all) versions of PHP.
Can you please elaborate on this?

Posted: Tue May 29, 2007 11:55 am
by feyd
mentor wrote: Can you please elaborate on this?
Sure. Thread posted by Chris Shiflett titled "Fun with addslashes()" viewtopic.php?t=43203

Posted: Tue May 29, 2007 12:10 pm
by mentor
Thanks feyd.