pheromix
Reputation: 19287
How to escape quotes in this case?
I want to return a new string after replacing any CHAR(10) by "\n" inside a string passed as the parameter of a function :
function executerCalcul($initial_string)
{
$ret = "";
$conn = new mysqli(BDD_SERVER, BDD_USER, BDD_PWD, BDD_NAME);
if ($conn->connect_error) {
trigger_error('Database connection failed: ' . $conn->connect_error, E_USER_ERROR);
}
if (stripos($initial_string, "'") === false)
$sql = "SELECT REPLACE('$initial_string', char(10 using utf8),'\n') as resultat";
else
{
// how to write correctly $sql here because we are here in the case when there are single quotes inside the string parameter
}
$rs = $conn->query($sql);
if($rs === false) {
trigger_error('Wrong SQL: ' . $sql . ' Error: ' . $conn->error, E_USER_ERROR);
} else {
$rows_returned = $rs->num_rows;
}
$rs->data_seek(0);
while($row = $rs->fetch_assoc()) {
$ret .= $row['resultat'];
}
$rs->free();
return $ret;
}
So how to escape single quotes in the case the string parameter contains single quotes ?
Upvotes: 0
Views: 93
Answers (2)
Sebastian Lange
Reputation: 4029
Within the SQL Standard a double single quote '' shall be used.
But there is still the mysql_real_escape_string function.
Upvotes: 1
SteveB
Reputation: 404
Use built-in functions as shown in documentation.
For example:
$new_query = $conn->real_escape_string($query);
and then execute the SQL normally.
Upvotes: 1
Related Questions
- How to escape single quotes in MySQL?
- escape from single quotes data in mysql query
- mysql escaping single and double quotes
- Right way to escape string after replacing quotes?
- PHP How add quotes?
- Mixing quotes in PHP
- MySql ENCLOSED BY double quote
- single quotes inside double quotes php
- How to escape quotes in a MYSQL query?
- escape single quotes