Eiolon Posted January 8, 2011 Share Posted January 8, 2011 I am using PHP with ODBC to connect to an existing MSSQL database to query for some names. When I query a name that has an apostrophe in it, I get an error. Example typing O'Malley as the name: Warning: odbc_exec() [function.odbc-exec]: SQL error: [Microsoft][ODBC SQL Server Driver] Incorrect syntax near 'malley'., SQL state 37000 in SQLExecDirect [/quote] I have used addslashes to the string but get the same result: [code] $string = addslashes($_POST['string']); $connect = odbc_connect("$mssql_name", "$mssql_user", "$mssql_pass"); $query_mssql = "SELECT pr.NameFirst, pr.NameLast, pr.NameMiddle, pr.Birthdate, p.Barcode, p.OrganizationID FROM PatronRegistration pr JOIN Patrons p ON (pr.PatronID = p.PatronID) WHERE pr.NameLast = '$string'"; $result = odbc_exec($connect, $query_mssql); [/code] Any ideas? Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted January 8, 2011 Share Posted January 8, 2011 Echo $string and see if the ' was escaped properly. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted January 8, 2011 Share Posted January 8, 2011 In mssql you escape a single-quote using another single-quote. Quote Link to comment Share on other sites More sharing options...
Eiolon Posted January 8, 2011 Author Share Posted January 8, 2011 Ah, thanks. I used eregi to escape it and it's working now. Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted January 8, 2011 Share Posted January 8, 2011 Not 100% certain, but IIRC you can set magic_quotes_sybase to On in your php.ini file, and addslashes will work properly with it. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.