[SOLVED] Apostrophe won't stop causing problems!!!


ShootingBlanks


Hello.  I'm getting this error if I enter anything with an apostrophe (in this case, entering "starbuck's"):

 

Warning: mssql_query() [function.mssql-query]: message: Incorrect syntax near 's'. (severity 15) in D:\Inetpub\wwwroot\HatTrakker.anixter.com\admin\insertPrize.php on line 35

Warning: mssql_query() [function.mssql-query]: message: Unclosed quotation mark after the character string ''. (severity 15) in D:\Inetpub\wwwroot\HatTrakker.anixter.com\admin\insertPrize.php on line 35

 

The PHP code I'm using is:

 

$prize_name = $_POST['prize_name'];

 

The SQL query that is error'ing out is:

 

$query_listPrizes = "SELECT PRIZE_ID
					   FROM dbo.CNH_PRIZES
					   WHERE PRIZE_NAME = '$prize_name'
					   AND BUS_GRP = 'ECS'";

 

I've tried entering "starbuck\'s" instead of "starbuck's", and I get the same error.  I've also tried changing my code to:

 

$prize_name = str_replace("'", "'", $_POST['prize_name']);

 

Also the same results.  Any ideas???  Thanks!

 

 

use... mysql_real_escape_string();

 

 


$query_listPrizes = "SELECT PRIZE_ID
                     FROM dbo.CNH_PRIZES
                     WHERE PRIZE_NAME = '" . mysql_real_escape_string ( $prize_name ) . "'
                     AND BUS_GRP = 'ECS'";

 

 

Sorry, mssql...

 

addslashes();

 

Getting closer!...

 

Is there a MSSQL equivalent to the mysql_real_escape_string because I'm using SQL (not MySQL), and now I get the following error:

 

Fatal error: Call to undefined function mysql_real_escape_string() in D:\Inetpub\wwwroot\HatTrakker.anixter.com\admin\insertPrize.php on line 32

MSSQL

 


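function mssqlEscape ( $string )
{
	// Undo the backslashes magic_quotes_gpc adds to request data (older PHP versions)
	if ( true === ( bool ) get_magic_quotes_gpc () )
	{
		$string = stripslashes ( $string );
	}

	// Double each apostrophe: '' is how a single ' is written inside an MSSQL string literal
	if ( ! is_numeric ( $string ) )
	{
		$string = str_replace ( "'", "''", $string );
	}

	return $string;
}

// example usage...

$prize_name = mssqlEscape ( $_POST['prize_name'] );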

 

That doesn't cause any errors, but it does cause the apostrophe to turn into two apostrophes...

 

So, if someone enters:

 

starbuck's

 

It will display as:

 

starbuck''s

 

Is there a solution to really make it display exactly how it's intended???

 

 

You only use that function when you need to perform a query... (it's needed because MSSQL uses that as its escape sequence: '' <= 2 apostrophes escape a single apostrophe)

 

Such as...

 

$query_listPrizes = "SELECT PRIZE_ID
                     FROM dbo.CNH_PRIZES
                     WHERE PRIZE_NAME = '" . mssqlEscape ( $prize_name ) . "'
                     AND BUS_GRP = 'ECS'";
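
The point of the last reply (escape only the copy that goes into the query, keep the original for display), as an added example that is not part of the original thread. It assumes PDO with an in-memory SQLite database as a stand-in for SQL Server, since both accept '' inside a string literal; the rows are constructed, and it also shows a bound parameter, which needs no escaping at all.

```php
<?php
// Added example. SQLite (in-memory) stands in for SQL Server here because both
// use '' to escape an apostrophe inside a string literal. Table and column
// names come from the thread; the rows are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE CNH_PRIZES (PRIZE_ID INTEGER PRIMARY KEY, PRIZE_NAME TEXT, BUS_GRP TEXT)");

// Bound parameters on INSERT: the value is stored exactly as typed.
$ins = $db->prepare("INSERT INTO CNH_PRIZES (PRIZE_NAME, BUS_GRP) VALUES (?, 'ECS')");
foreach (["starbuck's", "gift card"] as $name) {
    $ins->execute([$name]);
}

$input = "starbuck's"; // what arrives in $_POST['prize_name']

// 1. Raw concatenation: the apostrophe ends the literal early, so the SQL is invalid.
function lookupRaw(PDO $db, string $name): string {
    try {
        $db->query("SELECT PRIZE_ID FROM CNH_PRIZES WHERE PRIZE_NAME = '$name' AND BUS_GRP = 'ECS'");
        return 'ok';
    } catch (PDOException $e) {
        return 'error: ' . $e->getMessage();
    }
}

// 2. Doubling the apostrophe, only in the copy that goes into the SQL text.
function lookupEscaped(PDO $db, string $name): array {
    $literal = str_replace("'", "''", $name);
    $sql = "SELECT PRIZE_ID, PRIZE_NAME FROM CNH_PRIZES WHERE PRIZE_NAME = '$literal' AND BUS_GRP = 'ECS'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// 3. Prepared statement: the value never becomes part of the SQL text.
function lookupBound(PDO $db, string $name): array {
    $st = $db->prepare("SELECT PRIZE_ID, PRIZE_NAME FROM CNH_PRIZES WHERE PRIZE_NAME = ? AND BUS_GRP = 'ECS'");
    $st->execute([$name]);
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

echo lookupRaw($db, $input), "\n";
echo json_encode(lookupEscaped($db, $input)), "\n";
echo json_encode(lookupBound($db, $input)), "\n";
// The variable shown to the user is still the original, single-apostrophe string.
echo $input, "\n";
```

Against SQL Server itself the same bound-parameter pattern is available through PDO with the `sqlsrv` driver or through `sqlsrv_query()` with a parameter array.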

 

 
