
' screwing up query


jakebur01


I am doing an odbc query. And one of the e-mails has a ' in it.

 

Example: woody'[email protected]

 

Warning: odbc_exec() [function.odbc-exec]: SQL error: [ProvideX][ODBC Driver]Unexpected extra token: woody'[email protected], SQL state 37000 in SQLExecDirect in C:\Inetpub\wwwroot\smithsadvantage\failed_messages.php on line 40

Error in SQL

 

However, I still want to be able to select info from the database based on the email address above.  How can I still query the data using a value that has quotes and other weird characters?

 

if (!$conn)
  {exit("Connection Failed: " . $conn);}
$sql="SELECT CUSTOMER_NUM, CUSTOMER_NAME, PHONE_1 FROM AR_CUST_MAST WHERE EMAIL_1 = '$line'";
//print $sql;
$rs=odbc_exec($conn,$sql);
if (!$rs)
  {exit("Error in SQL");}

while (odbc_fetch_row($rs))
  {
$acct=odbc_result($rs,"CUSTOMER_NUM");
$name=odbc_result($rs,"CUSTOMER_NAME");
$phone=odbc_result($rs,"PHONE_1");

  }

 

https://forums.phpfreaks.com/topic/238912-screwing-up-query/

But, this is an odbc query?  Can I still generate a MySQL connection, store mysql_real_escape_string() into a variable, and then use that value with my odbc query?

I must have posted that without thinking; you can't call that function without a valid link established. Maybe you can try using htmlentities() to insert data, and html_entity_decode() to draw them out of your db.

https://forums.phpfreaks.com/topic/238912-screwing-up-query/#findComment-1227657

It looks like you need to use another single quote to escape a single quote when using odbc queries, so if you have the string

<?php
$str = "woody'[email protected]";
?>

to use it in an odbc query, you could do

<?php
$str = str_replace("'","''",$str);
?>

before using it.

 

Ken

https://forums.phpfreaks.com/topic/238912-screwing-up-query/#findComment-1227782

Cool! What about if it contained a double quote? How would you escape that?

 

It looks like you need to use another single quote to escape a single quote when using odbc queries, so if you have the string

<?php
$str = "woody'[email protected]";
?>

to use it in an odbc query, you could do

<?php
$str = str_replace("'","''",$str);
?>

before using it.

 

Ken

https://forums.phpfreaks.com/topic/238912-screwing-up-query/#findComment-1227912

How do you use a double quote in str_replace?

$queryline = str_replace(""","'""",$line);

 

I did some research on this topic because I was curious about it myself. I believe that the same rule applies for most special characters with odbc queries: doubling up the special char to escape it.

 

 

 

https://forums.phpfreaks.com/topic/238912-screwing-up-query/#findComment-1227959

How do you use a double quote in str_replace?

$queryline = str_replace(""","'""",$line);

Either use single quotes wrapped around the double quotes

$queryline = str_replace('"','""',$line);

 

OR escape the double quotes

$queryline = str_replace("\"","\"\"",$line);

https://forums.phpfreaks.com/topic/238912-screwing-up-query/#findComment-1227996
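The replies above escape the value before placing it in the SQL text; the example below, which is added here and is not code from any poster in the thread, passes the value as a bound parameter through odbc_prepare() and odbc_execute() so that quotes never reach the SQL parser, and keeps quote doubling only as a fallback. It assumes the ODBC driver in use accepts "?" parameter markers, which the thread does not confirm for ProvideX; `find_customer_by_email`, `sql_string_literal`, the DSN name `EXAMPLE_DSN` and the sample address are hypothetical.

```php
<?php
// Added example; the DSN name and the sample address are constructed placeholders.

// Look up a customer with a bound parameter, so quotes in the value never
// become part of the SQL text. Assumes the driver accepts "?" markers.
function find_customer_by_email($conn, string $email): array
{
    // The PHP manual notes odbc_execute() treats a parameter that starts AND
    // ends with a single quote as a file name to read, so reject that shape.
    if (strlen($email) >= 2 && $email[0] === "'" && substr($email, -1) === "'") {
        throw new InvalidArgumentException('unsupported e-mail value');
    }
    $stmt = odbc_prepare(
        $conn,
        'SELECT CUSTOMER_NUM, CUSTOMER_NAME, PHONE_1 FROM AR_CUST_MAST WHERE EMAIL_1 = ?'
    );
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . odbc_errormsg($conn));
    }
    if (!odbc_execute($stmt, [$email])) {
        throw new RuntimeException('execute failed: ' . odbc_errormsg($conn));
    }
    $rows = [];
    while ($row = odbc_fetch_array($stmt)) {
        $rows[] = $row;
    }
    return $rows;
}

// Fallback when parameters are not available: build a SQL string literal by
// doubling single quotes. In standard SQL a double quote needs no escaping
// inside a single-quoted literal (assumed to hold for the driver in use).
function sql_string_literal(string $value): string
{
    return "'" . str_replace("'", "''", $value) . "'";
}

// Constructed sample value containing both quote characters.
$email = 'wo"ody\'s@example.test';
echo sql_string_literal($email), PHP_EOL;

// Run the lookup only when the ODBC extension and the placeholder DSN exist.
if (function_exists('odbc_connect') && ($conn = @odbc_connect('EXAMPLE_DSN', '', ''))) {
    print_r(find_customer_by_email($conn, $email));
    odbc_close($conn);
}
```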
