bsteimel

I found the problem. I did not have the database connection in the escape call. If i did not include the database connection it would input \" into the database. With the slashes not being put into the database there is then no problem of retrieving the information.

oops i just realized that the code there is for a postgres database, you can follow the same logic but your going to have to use mssql statements instead. The one site that I use with mssql i use stored procs for everything. So instead of using sql statement and getting the result you can just create a insert client info stored proc and send across the id or the john doe name along with the other info

A great way to do this is when you pull the information out of the database use a field id in the options to identify each doe,John with the same client_id as the one in the database. Then when you send the information from your html section to your php section simply include either the id or the name If you don't use the id you must split the name apart from Doe, John to and Doe and John then when you pull the name from the database it will look something like this $name = selectedInformation from html page Or $nameid = selectedinformation ID; $name = explode(",", $name); $qry = "select id from client_info where firstName = '" . $name[1] . "' And lastName = '" . $name[0] . "'" OR $qry = "select id from client_info where clientid = '" . $nameid . "'; $r = pg_fetch_object($result); $r[0] = selected ID

You can reverse engineer any database using MS Visio try this tutorial:  [url=http://msdn2.microsoft.com/en-us/library/aa140264(office.10).aspx]http://msdn2.microsoft.com/en-us/library/aa140264(office.10).aspx[/url]

Problem 1 data going in securely: I am having a serious problem with quotes, postgresql and php. I have a database that needs to store XML tags inside the database such as <p1 type="example"/>. The data in the database will be exported in many other formats and with many different tools and languages so i would like it to remain true. If I put in pg_escape_string the data goes into the database as <p1 type=\"example\"/> I'd rather have the original in the database so i just don't use the escape function and it goes in fine, but is that secure? Also information has already been put into the database directly so there is already the first example in the database. problem 2 data coming out: How do i remove the data if it doesn't already have the slashes in place? When i try to use pg_fetch_row or object or array i get spaces, and blanks and things go all over the place. Is there a postgres php function that escapes strings on the way out of a database. any help would be great, thanks in advance I'm a new user here but have been a php programmer for 2 years now, while i have used this site for reference this is my first time posting, and i'm pretty sure it won't be my last. postgresql 8, php 5, apache 2.2.4