Reputation: 1305
str_replace and SQL Server queries with PHP
I used to do ASP (vbscript) Programming, and have recently tried to start using PHP. I used to have a function in ASP that allowed to to replace ' with ''.
This was used for queries with a SQL Server database. I was just wondering if it is as easy to use something like this for PHP. I am aware of addslashes and stripslashes but it doesn't really serve the exact purpose I want.
Say I had a simple query like:
$dbTABLE = "Table_Name";
$query_sql = sprintf("UPDATE %s SET DataText = ('%s') WHERE PageID = '%d'",
$dbTABLE,
$PageHTML,
$PageID);
Is there a way to wrap it in something like str_replace to tell it that all ' should be replaced with ''?
I know I could search for it with a SQL Server query, but it needs to be before the data from a textarea is put into the database.
Upvotes: 0
Views: 1496
Answers (1)
Reputation: 272156
Yes, you can use the str_replace function:
str_replace("'", "''", "Neil O'Brien")
The example code you posted would look like:
$dbTABLE = "Table_Name";
$query_sql = sprintf("UPDATE [%s] SET DataText = '%s' WHERE PageID = %d",
$dbTABLE,
str_replace("'", "''", $PageHTML),
$PageID);
I suggest using some kind of library instead of building queries yourself.
Upvotes: 2
Related Questions
- SQL Server Escape String
- How to escape MS-SQL output in html/php?
- How to escape strings in SQL Server using PHP?
- How to escape single quotes in php for tsql string (ms sql)
- Php to MsSql query - escape quotes (') issue
- How do you escape quotes in a sql query using php?
- Escaping reserved SQL Server keywords through PHP
- How to escape & and ' in mssql and Php?
- How to escape symbols in SQL query?
- Sql Server 2008 and PHP - sqlsvr_escape_string?