Problem Getting MS SQL Data With Single Quotes

Problem Getting MS SQL Data With Single Quotes

am 13.09.2007 21:35:40 von Eddie

I'm having difficulty getting data out of MS SQL Server via a PHP
database call. When I look in the database, it crashes on the line
where there is a single quote in the database. I've seen several
articles about addslashes/stripslashes and str_replace for MS SQL.
Had the data been put in the right way, there would be no problem.
Or, if I had rights to use UPDATE/SET to modify all lines with single
quotes, again there would be no problem. The problem is there is no
way for me to change the data already stored in MS SQL. I can only
read it, and IT won't let me change it. (Gotta love corporate
America, but I digress). So now that the data is there, how can I
retrieve it when it has a single quote in the data? Am I missing
something? Please help.

=====
Query sample:

$query1 = "SELECT * FROM table WHERE Name = '" .
addslashes($name) ."' ";
$result1 = db_query($query1, $DBLink) or die ('Error: Database
error !');
while ($row1 = db_fetch_assoc($result1)) {
echo ( ($k++ == 0) ? (stripslashes($row1['WCUSNO'])) :
("," . stripslashes_mssql($row1['WCUSNO'])) );
}

=====
Data sample (Name):

John Doe
John Q Public
Tom's Bait Shop <---- This is where it dies, due to the
apostrophe / single quote

Thanks for your help.

Eddie

Re: Problem Getting MS SQL Data With Single Quotes

am 13.09.2007 21:39:03 von zeldorblat

On Sep 13, 3:35 pm, Eddie wrote:
> I'm having difficulty getting data out of MS SQL Server via a PHP
> database call. When I look in the database, it crashes on the line
> where there is a single quote in the database. I've seen several
> articles about addslashes/stripslashes and str_replace for MS SQL.
> Had the data been put in the right way, there would be no problem.
> Or, if I had rights to use UPDATE/SET to modify all lines with single
> quotes, again there would be no problem. The problem is there is no
> way for me to change the data already stored in MS SQL. I can only
> read it, and IT won't let me change it. (Gotta love corporate
> America, but I digress). So now that the data is there, how can I
> retrieve it when it has a single quote in the data? Am I missing
> something? Please help.
>
> =====
> Query sample:
>
> $query1 = "SELECT * FROM table WHERE Name = '" .
> addslashes($name) ."' ";
> $result1 = db_query($query1, $DBLink) or die ('Error: Database
> error !');
> while ($row1 = db_fetch_assoc($result1)) {
> echo ( ($k++ == 0) ? (stripslashes($row1['WCUSNO'])) :
> ("," . stripslashes_mssql($row1['WCUSNO'])) );
> }
>
> =====
> Data sample (Name):
>
> John Doe
> John Q Public
> Tom's Bait Shop <---- This is where it dies, due to the
> apostrophe / single quote
>
> Thanks for your help.
>
> Eddie

MSSQL doesn't escape single quotes with a backslash. It escapes
single quotes with another single quote. So, instead of:

addslashes($name)

you want:

str_replace("'", "''", $name)