Jump to content

newbie help - \ seems to be converting to '

mrblah

By mrblah
in PHP Coding Help

 Share

Recommended Posts

mrblah Newbie

mrblah

Posted
Posted

Hi all, new to this board and php and I've ran into a problem with an inventory management system I'm supporting. The problem is I have a table in MS SQL Server 2000 that contains serial numbers for parts and the serial numbers can contain single quotes and backslashes. I have it correctly accepting single quotes , however when I have a serial number with a backslash, either the query doesn't return anything (because it's looking for \\) or when I do a REPLACE() and replace all occurances of \\ with \, it throws a sql error - posted below is my code and the query before it is executed and after it is executed per print() statements.

 

  $query = "SELECT Part_serial_id 
				FROM PART_SERIAL 
				WHERE part_number = '$part' 
					and Serial_number = REPLACE('$serial_number','\\\\','\\')
					and base_id = $GLOBALS[uSERBASEID]";
          print("query is ".$query);
         $con->query($query);

 

$con->query() is defined below:

  Function query ($query_string)
  	  {
           $query_string = strtr($query_string, "\'" , "''" );     //SQL DB fix
           #die($query_string);
  	   $this->result_id = mssql_query ($query_string, $this->connection_id) ;
  	   If ($this->result_id == false)
  		{
  		   $this->Disp_Error_Page ("SQL Error: $query_string") ;
  		}
  	   Return $this->result_id ;
  	}

In the code above, what I'm trying to do is replace all occurances of \\ with a single \

 

Here's my debug output using print() statements:

 

query is SELECT Part_serial_id

FROM PART_SERIAL

WHERE part_number = 'partp'

and Serial_number = REPLACE('1''''2\\3''''5','\\','\')

and base_id = 1

SQL Error: SQL Error: SELECT Part_serial_id

FROM PART_SERIAL

WHERE part_number = 'partp'

and Serial_number = REPLACE('1''''2''3''''5','''',''')

and base_id = 1 Line 4: Incorrect syntax near '')

and base_id = 1'.

 

I know why it's causing the error (too many '') but I don't understand why the \\ are being replaced with ''''. Note the first query runs fine in query analyzer.

Thanks in advance for any help for the php newbie :)

Link to comment
Share on other sites
ballhogjoni Advanced Member

ballhogjoni

Posted
Posted

You need to escape all the quotes.

 

REPLACE('1''''2\\3''''5','\\','\')

 

too

 

REPLACE('1\'\'\'\'2\\3\'\'\'\'5',\'\\\',\'\\')

 

Unless you want the quotes then you will have to do something like

 

REPLACE("'1''2\\'3''5','\\','\\'")

 

Try that and see what happens.

 

Link to comment
Share on other sites
mrblah Newbie

mrblah

Posted
  • Author
Posted

Unfortunately, I need the quotes since the serial number is stored as : 1''2\3''5 in the database which to the user is 1'2\3'5.

I can't escape the quotes either, because in a file called sql.inc.php in which the database connections and functions are defined (I'm not able to modify this file), the function query($query_string) replaces all occurances of \' with '', leaving me with a mess of quotes and of course no search results (provided that it didn't error out). Hope this makes sense.

 

thanks for your time :)

 

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.