Escaping in MSSQL
Posted: Tue Apr 14, 2009 11:25 am
I have a simple query where I am passing in some GPC data like so:
Code:
$name = addslashes($name);
$sql = "SELECT mcats_id FROM MBR__CLASSIFIED_ADVT__TYPE__SUB WHERE mcats_type = '$name' AND mcat_id = '$cat_primary'";
$res = odbc_exec($odbc_ptr, $sql);
addslashes() doesn't seem to do the trick. The field is actually labeled SUV's and therefore I cannot strip the single quote otherwise the search will fail.
How do I escape the SQL query so I may include the 's in the query?
Cheers,
Alex
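
Added example (not part of the original post): SQL Server escapes a single quote inside a string literal by doubling it, so the backslash that addslashes() inserts does not stop the quote from ending the literal. The code below shows that difference next to a parameterized form of the post's query using odbc_prepare() and odbc_execute(). mssql_quote() and find_subcategory() are hypothetical helper names, and "SUV's" is constructed sample input.

```php
<?php
// Added example; table and column names are taken from the post,
// the two helper functions are hypothetical.

// T-SQL string literals escape ' by doubling it (''), not with a backslash.
// Use only where a driver cannot bind parameters.
function mssql_quote(string $value): string
{
    return "'" . str_replace("'", "''", $value) . "'";
}

// Preferred: bind the values so they never become part of the SQL text.
function find_subcategory($odbc_ptr, string $name, string $cat_primary): array
{
    // odbc_execute() documents that a parameter which starts and ends with
    // a single quote is treated as a file name to read, so reject that shape.
    foreach ([$name, $cat_primary] as $p) {
        if (strlen($p) >= 2 && $p[0] === "'" && substr($p, -1) === "'") {
            throw new InvalidArgumentException('parameter wrapped in single quotes');
        }
    }

    $sql = 'SELECT mcats_id FROM MBR__CLASSIFIED_ADVT__TYPE__SUB '
         . 'WHERE mcats_type = ? AND mcat_id = ?';

    $stmt = odbc_prepare($odbc_ptr, $sql);
    if ($stmt === false) {
        throw new RuntimeException(odbc_errormsg($odbc_ptr));
    }
    if (!odbc_execute($stmt, [$name, $cat_primary])) {
        throw new RuntimeException(odbc_errormsg($odbc_ptr));
    }

    $ids = [];
    while (($row = odbc_fetch_array($stmt)) !== false) {
        $ids[] = $row['mcats_id'];
    }
    return $ids;
}

// Runs without a database: compare the two escapings of the same value.
$name = "SUV's"; // constructed sample input
echo "addslashes(): '" . addslashes($name) . "'\n";
echo "doubled:      " . mssql_quote($name) . "\n";
```

With bound parameters the addslashes() call is dropped entirely; the value is passed to find_subcategory() exactly as received.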