Chips Posted June 19, 2006 Share Posted June 19, 2006 Hello, having some trouble with this one. Checked the php.net topics for anything, nothing can be found. tried using "addslashes()" but that doesn't seem to work either!So can anyone give me any quick pointers on what characters need to be escaped, and if they know of any functions that do this (integrated in php) or whether i'll have to use a different function and tailor it or not.Especially relevent to:Preventing sql injection attacks on mssql database (dunno how, but guessing ensuring they can't insert sql statements into queries that are just supposed to insert data instead!).Allowing users names like O'Donnel etcAllowing users to put ! ? " - ' ; : etc inside comments sections that will be logged into a database table.Unfort having massive trouble finding any information with regards to mssql, and plenty on mysql that just doesn't work (tried addslashes and nothing was entered when putting ' into a string of text!).Many thanks if anyone can help out. Quote Link to comment https://forums.phpfreaks.com/topic/12357-escaping-characters-for-an-insert-statement/ Share on other sites More sharing options...
Barand Posted July 1, 2006 Share Posted July 1, 2006 To input names Like O'Donnel you need to change it to O''Donnel (2 single quotes) to insert it into the table, unlike MySql which requires \'. Quote Link to comment https://forums.phpfreaks.com/topic/12357-escaping-characters-for-an-insert-statement/#findComment-51744 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.