Read the user-contributed notes following the online manual info on addslashes: <http://www.php.net/manual/en/function.addslashes.php>
-- Lowell Allen > From: "Poon, Kelvin (Infomart)" <[EMAIL PROTECTED]> > Date: Thu, 20 Mar 2003 11:20:51 -0500 > To: 'Lowell Allen' <[EMAIL PROTECTED]> > Cc: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> > Subject: RE: [PHP] Addslashes problem (MSSQL) > > > What do you mean by "It escapes single quotes with single quotes."? > > so let's say my $content is > > lalal 'lalalal' "lalala" > > > then what do I have to do to $content in order to insert to my MSSQL table? > -----Original Message----- > From: Lowell Allen [mailto:[EMAIL PROTECTED] > Sent: Thursday, March 20, 2003 11:20 AM > To: PHP > Subject: Re: [PHP] Addslashes problem (MSSQL) > > > MS-SQL doesn't escape with slashes. It escapes single quotes with single > quotes. > > -- > Lowell Allen > >> From: "Poon, Kelvin (Infomart)" <[EMAIL PROTECTED]> >> Date: Thu, 20 Mar 2003 10:58:02 -0500 >> To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> >> Subject: [PHP] Addslashes problem (MSSQL) >> >> Hi, >> >> I have a problem that lets you add a record to a database. THere is a >> problem with it, and the following is the area of the program where it has >> problem. >> >> ---- >> >> $created_date = date('m, d, Y'); >> >> $title = strip_tags($title); >> $keywords = strip_tags($keywords); >> $content = strip_tags($content); >> $product = strip_tags($product); >> >> >> if (!get_magic_quotes_gpc()) { >> $title = addslashes($title); >> $keywords = addslashes($keywords); >> $product = addslashes($product); >> $content = addslashes($content); >> } >> >> $query = "SELECT * FROM knowledgeBase"; >> $result = mssql_query($query); >> >> $ID = mssql_num_rows($result); >> $ID += 1; >> >> $query2 = "INSERT INTO knowledgeBase( >> ID, >> Title, >> Keywords, >> Content, >> [Created Date], >> [Updated Date], >> Product) >> VALUES( >> '".$ID."', >> '".$title."', >> '".$keywords."', >> '".$content."', >> '".$created_date."', >> 'Never', >> '".$product."')"; >> $result2 = mssql_query($query2); >> >> ---- >> >> where my $content value is osmethign like this. >> >> "Step 1: Access the homepage >> Step 2: type in your username under the field 'username' " >> >> and after the addslashes funciton there would be \ around the 'username' >> like this.. >> \'username\'....and now after running this program I got an error message: >> >> Warning: MS SQL message: Line 14: Incorrect syntax near 'username'. >> (severity 15) in > d:\apache_docroots\internal.infomart.ca\infodesk\kb_add.php >> on line 119 >> >> Warning: MS SQL: Query failed in >> d:\apache_docroots\internal.infomart.ca\infodesk\kb_add.php on line 119 >> >> >> >> does any body have any idea? I did the same thing with another problem > but >> it worked fine. I have no idea what the problem is. I know I need to >> addslashes to the string since I am putting it in the valuable >> $query2......please advise.. >> >> THanks!. >> >> >> -- >> PHP General Mailing List (http://www.php.net/) >> To unsubscribe, visit: http://www.php.net/unsub.php >> > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
