New Coder
Posted March 27, 2007

Hello All,

I am trying to execute a query on my page that retrieves all a member's details.

    $conn = odbc_connect('DBname','username','password');
    if (!$conn) { exit("Err:Conn"); }
    $sql = "select * from members where member_id = '$member_id' ";
    $rs = odbc_exec($conn, $sql);
    if (!$rs) { exit("Could not execute Query"); }

The member ID is created from their surname and a unique number, e.g. Member: Joe Bloggs, has Member ID: BLO987654. This will allow the query to execute fine, but if I have a member Joe O'Rielly, their ID number becomes O'R876543, and when that's put into the variable $member_id the query becomes

    $sql = "select * from members where member_id = 'O'R876543' ";

The query is then treating the apostrophe in the ID number as the end of the string and doesn't know what the rest of it is, so it just gives a "Could not execute Query" error.

How can I get it to recognise the apostrophe in the ID number as just part of the string?

Many Thanks

Tyche
Posted March 27, 2007

You can escape the quote using a preceding \ so the following code should work:

    $sql = "select * from members where member_id = '".str_replace("'","\'",$member_id)."'";

\ is used as the escape character in MySQL, but I believe it should work in most other SQL variants.

per1os
Posted March 27, 2007

    $inputstring = mysql_real_escape_string($inputstring);

should do this for you automatically.

New Coder (Author)
Posted March 27, 2007

I have tried both and neither works for mssql.

per1os
Posted March 27, 2007

Oh dip, my bad dude. I did not realize it was for mssql. Try:

    $input_string = addslashes($input_string); // usually you try to avoid this but in this case I think it is merited.

New Coder (Author)
Posted March 27, 2007

Cheers people, before I read the new post I have managed to get

    $sql = "select * from members where member_id = '".str_replace("'","''",$member_id)."' ";

working. Instead of \' it works with ''.

Thanks.
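
An added example, not code from any poster in this thread: it prints the SQL text produced by the backslash and doubled-quote approaches for the thread's two member IDs, then shows the same lookup with the value bound as a parameter through odbc_prepare()/odbc_execute(), so quotes in the ID never become part of the statement. The function names tsql_quote_literal and find_member and the MEMBERS_DSN, MEMBERS_USER and MEMBERS_PASS environment variables are assumptions made for illustration.

```php
<?php
// Added example. Helper names and environment variable names are hypothetical.

// T-SQL string literals escape a single quote by doubling it;
// backslash is not an escape character there, which is why \' failed.
function tsql_quote_literal(string $value): string
{
    return "'" . str_replace("'", "''", $value) . "'";
}

// Preferred: keep the value out of the SQL text entirely.
function find_member($conn, string $member_id)
{
    // odbc_execute() treats a parameter that starts and ends with a single
    // quote as the name of a file to read, so refuse such values up front.
    if (strlen($member_id) >= 2 && $member_id[0] === "'" && substr($member_id, -1) === "'") {
        return false;
    }
    $stmt = odbc_prepare($conn, 'select * from members where member_id = ?');
    if (!$stmt || !odbc_execute($stmt, [$member_id])) {
        return false;
    }
    return odbc_fetch_array($stmt); // first matching row as an array, or false
}

// The two member IDs quoted in the thread.
$samples = ["BLO987654", "O'R876543"];
foreach ($samples as $id) {
    $backslash = "'" . str_replace("'", "\\'", $id) . "'"; // MySQL-style escaping
    echo "id:        $id\n";
    echo "backslash: select * from members where member_id = $backslash\n";
    echo "doubled:   select * from members where member_id = " . tsql_quote_literal($id) . "\n\n";
}

// Runs only where the odbc extension is loaded and a DSN has been supplied.
if (function_exists('odbc_connect') && getenv('MEMBERS_DSN')) {
    $conn = odbc_connect(getenv('MEMBERS_DSN'), (string) getenv('MEMBERS_USER'), (string) getenv('MEMBERS_PASS'));
    if ($conn) {
        var_dump(find_member($conn, "O'R876543"));
        odbc_close($conn);
    }
}
```

For O'R876543 the backslash form still leaves an unbalanced quote on SQL Server, the doubled form yields a valid literal, and the parameterised form needs no escaping at all.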