addslashes and mssql

  • Thread starter Thread starter Anonymous
  • Start date Start date
A

Anonymous

Guest
try the following 2 sql queries and you will see what I mean:

Code:
$where = "users'";
$where = addslashes($where);
$sqlMY = "select * from $where";

$where = "orders'";
$where = addslashes($where);
$sqlMS = "select * from $where";

now, the addslashes prevents the ' from causing errors in the mysql statement,. but the / returns an error in the mssql query. How does one get aroudnt his in mssql?
 
I guess a quick google search would have helped me before posting here.
Apparently (unsurprisingly) mssql doesnt support slashes, only solution I could find was the following:

please note that addslashes will NOT work with mssql, since mssql does not use the backslash character as an escape mechanism. just double your quotes instead. or use this:

Code:
<?php
function mssql_addslashes($data) {
   $data = str_replace("'", "''", $data);
   return $data;
}
?>
[/code][/quote]
 
hey!!!
what a co-incidience
I've developed same mssql_addslashes
but my version is
Code:
<?php
function mssql_addslashes($data) {
   $data = str_replace('\'', '\'\'', $data);
   return $data;
}
?>
And this one works like a smooth ride
 
Back
Top