Single quotes in MSSQL

I'm trying to deal with user inputs of single quotes into form fields
that get input into a MSSQL database. So far I have discovered that
if I turn on magic_quotes_sybase in my php.ini file PHP will correctly
escape the single quotes. The problem happens when I am trying to
retrieve data from the database, PHP will try to comment out what it
has already commented out, instead of stripping the extra single
quote.

So as an example, if someone enters O'Brien as their name into the
form, PHP sends O''Brien to the database to be stored. Now when I have,
say, a list of users in the database on another page, PHP outputs
O''''Brien because it is trying to compensate for the single quotes.

Is there any sort of function like stripslashes(); but for single
quotes?

Thanks so much for any and all help! This is driving me up the wall!

Apr 11 '07 #1
nick.bonadies wrote:
> I'm trying to deal with user inputs of single quotes into form fields
> that get input into a MSSQL database. So far I have discovered that
> if I turn on magic_quotes_sybase in my php.ini file PHP will correctly
> escape the single quotes.

Argh! Don't do that!

Just use str_replace("'", "''", $data) on data before you send it to the
database and don't do anything on the returned data.

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact
Geek of ~ HTML/SQL/Perl/PHP/Python*/Apache/Linux

* = I'm getting there!
Apr 11 '07 #2
On Apr 11, 10:45 am, Toby A Inkster <usenet200...@tobyinkster.co.uk> wrote:
> nick.bonadies wrote:
> > I'm trying to deal with user inputs of single quotes into form fields
> > that get input into a MSSQL database. So far I have discovered that
> > if I turn on magic_quotes_sybase in my php.ini file PHP will correctly
> > escape the single quotes.
>
> Argh! Don't do that!
>
> Just use str_replace("'", "''", $data) on data before you send it to the
> database and don't do anything on the returned data.
>
> --
> Toby A Inkster BSc (Hons) ARCS
> Contact Me ~ http://tobyinkster.co.uk/contact
> Geek of ~ HTML/SQL/Perl/PHP/Python*/Apache/Linux
>
> * = I'm getting there!

Yeah, that makes much more sense! Thank you!

nick

Apr 11 '07 #3
On Apr 11, 10:45 am, Toby A Inkster <usenet200...@tobyinkster.co.uk> wrote:
> nick.bonadies wrote:
> > I'm trying to deal with user inputs of single quotes into form fields
> > that get input into a MSSQL database. So far I have discovered that
> > if I turn on magic_quotes_sybase in my php.ini file PHP will correctly
> > escape the single quotes.
>
> Argh! Don't do that!
>
> Just use str_replace("'", "''", $data) on data before you send it to the
> database and don't do anything on the returned data.
>
> --
> Toby A Inkster BSc (Hons) ARCS
> Contact Me ~ http://tobyinkster.co.uk/contact
> Geek of ~ HTML/SQL/Perl/PHP/Python*/Apache/Linux
>
> * = I'm getting there!

Hmm, actually, one problem: it works for inputting data, but when I get
data back I still get a double single quote, so again my view still
looks like O''Brien instead of O'Brien. Should I just run
str_replace(); on the view? Or is there an easier solution?

Apr 11 '07 #4
nick.bonadies wrote:
> Hmm, actually, one problem: it works for inputting data, but when I get
> data back I still get a double single quote, so again my view still
> looks like O''Brien instead of O'Brien.

This means that the actual data in your database has two apostrophes. Fix
that and you'll be sorted.

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact
Geek of ~ HTML/SQL/Perl/PHP/Python*/Apache/Linux

* = I'm getting there!
Apr 12 '07 #5
Toby A Inkster wrote:
> This means that the actual data in your database has two apostrophes. Fix
> that and you'll be sorted.

Correct, but when I use str_replace("'", "''", $data); to replace
single quotes in my data, it adds the extra quote to the database
entry.... I guess I'm doing something very wrong... Thanks so much
for your help thus far!
Apr 12 '07 #6
Toby A Inkster wrote:
> This means that the actual data in your database has two apostrophes. Fix
> that and you'll be sorted.

Here is some sample code:

$queryAddRecord = "INSERT INTO tbl_employees(firstName, lastName)
VALUES(";
if (!empty($_POST['firstName']))
{
    $queryAddRecord .= "'".$_POST['firstName']."',";
}
else {$queryAddRecord .="Null,";}

if (!empty($_POST['lastName']))
{
    $queryAddRecord .= '"'.str_replace("'", "''",
        $_POST['lastName']).'",';
}
else {$queryAddRecord .="Null,";}
$dbresults = mssql_query($queryAddRecord);

So if you feed that Erin O'Brien, it inputs Erin for the first name
and O''Brien as the last name. Then when I call it back I use
something like this:

<?php
$queryFullTimeemployees = "SELECT firstName, lastName FROM
tbl_employees ORDER BY lastName ASC";
$dbFullTime = mssql_query($queryFullTimeemployees);
?>

then display the records:

<table>
<?php
// List the departments from the DB
// display the results
while ($row = mssql_fetch_array($dbFullTime)) {
    $pageAddress = "employees_edit.php?id=".trim($row['id']);
    echo "<tr>
    <td>".trim($row['lastName'])."</td>
    <td>".trim($row['firstName'])."</td>
    </tr>";
}
?>
</table>

Apr 12 '07 #7
> $queryAddRecord = "INSERT INTO tbl_employees(firstName, lastName)
> VALUES(";
> if (!empty($_POST['firstName']))
> {
>     $queryAddRecord .= "'".$_POST['firstName']."',";
> }
> else {$queryAddRecord .="Null,";}
>
> if (!empty($_POST['lastName']))
> {
>     $queryAddRecord .= '"'.str_replace("'", "''",
>         $_POST['lastName']).'",';
> }

I figured it out. It's the '"' part, it should be "'".str_replace....

Thanks for the help! I appreciate it.

Apr 12 '07 #8
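
The manual quote doubling discussed in this thread is unnecessary when the values are passed as bound parameters. The following is an added example, not code from any poster in the thread: it assumes PDO with an in-memory SQLite database standing in for SQL Server, and the helper names orNull, addEmployee and employeeRows are hypothetical.

```php
<?php
// Added example, not code from the thread. SQLite in memory is an assumed
// stand-in for SQL Server so the script runs offline; with pdo_sqlsrv the
// DSN and credentials change. Table and column names follow the thread.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tbl_employees (
    id INTEGER PRIMARY KEY, firstName TEXT, lastName TEXT)');

// Hypothetical helper: empty form fields become SQL NULL, as in the thread.
function orNull(?string $value): ?string
{
    $value = trim((string) $value);
    return $value === '' ? null : $value;
}

function addEmployee(PDO $pdo, array $form): void
{
    // Values travel separately from the SQL text, so a quote inside them is
    // never parsed as SQL and is stored exactly as typed.
    $stmt = $pdo->prepare(
        'INSERT INTO tbl_employees (firstName, lastName) VALUES (?, ?)');
    $stmt->execute([
        orNull($form['firstName'] ?? null),
        orNull($form['lastName'] ?? null),
    ]);
}

function employeeRows(PDO $pdo): string
{
    $html = '';
    $rows = $pdo->query('SELECT firstName, lastName FROM tbl_employees
                         ORDER BY lastName ASC');
    foreach ($rows as $row) {
        // Encode for HTML at output time only; stored data stays untouched.
        $html .= sprintf("<tr><td>%s</td><td>%s</td></tr>\n",
            htmlspecialchars((string) $row['lastName'], ENT_QUOTES, 'UTF-8'),
            htmlspecialchars((string) $row['firstName'], ENT_QUOTES, 'UTF-8'));
    }
    return $html;
}

// Constructed sample input standing in for $_POST.
addEmployee($pdo, ['firstName' => 'Erin', 'lastName' => "O'Brien"]);
addEmployee($pdo, ['firstName' => '', 'lastName' => 'Smith "Jr" <IT>']);

echo "<table>\n", employeeRows($pdo), "</table>\n";
```

The stored last name is O'Brien with a single apostrophe, and the only transformation applied is HTML encoding when the row is printed.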
