Exactly repeating the quote will escape it.
But it is much better to not insert the values directly into the SQL
String but to bind them instead, as the DB (if Oracle or SQL Server or
whatever) does not have to parse the statement over and over again.
You also do not have to worry about repeating the quote when binding.
Also you do not have to worry about LONG columns.
Florian
Von: Andrian Pervazov <[EMAIL PROTECTED]>
Betreff: Re: [PHP-WIN] Converting apostrophes for insertion into Oracle
CC: [EMAIL PROTECTED]
For SQLServer and Oracle, the single quote is escaped by simply
repeating it. You can dio it by hand, but I believe this is what the
sybase magic quotes directive does as well.
Andrian
Christopher Derr wrote:
>
> I'm working on this same issue with my, don't laugh, Access 97 backend.
When
> users enter apostrophes into the field, it chokes on them. I've been
using
> urlencode and urldecode and that converts everything happily but makes
looking
> directly at the database entries painful:
>
> Let%5C%27s+test+apostrophes
>
> is actually Let's test apostrophes. Urldecode works it out on the web
end.
>
> I would imagine there are scripts to get the apostrophe's out, but
magic_quotes
> (from the PHP.ini file) and addslashes doesn't seem to do the trick...
>
> Chris
>
> "Asendorf, John" wrote:
>
> > The error comes up when you have something like this
> >
> > INSERT into cfull2.tbl_dl_customers (CUSTID_NUM, SHORT_NAME)
> > VALUES("$Max_ID", "$SHORT_NAME")
> >
> > and $SHORT_NAME is empty so the SQL looks like this
> >
> > INSERT into cfull2.tbl_dl_customers (CUSTID_NUM, SHORT_NAME)
VALUES("20002",
> > "") //doesn't work
> >
> > If I use the single quote or apostrophe, it works fine....
> >
> > INSERT into cfull2.tbl_dl_customers (CUSTID_NUM, SHORT_NAME)
VALUES('20002',
> > '') //works fine
> >
> > > -----Original Message-----
> > > From: Svensson, B.A.T. [mailto:[EMAIL PROTECTED]]
> > > Sent: Monday, February 05, 2001 4:39 PM
> > > To: Asendorf, John
> > > Subject: RE: [PHP-WIN] Converting apostrophes for insertion
> > > into Oracle
> > >
> > >
> > > That seams to be related to the name of the attribute(?)
> > > (filed), not the
> > > content of the attribute (filed). Or do I misinterpret the
> > > error message?
> > >
> > > >-----Original Message-----
> > > >From: Asendorf, John [mailto:[EMAIL PROTECTED]]
> > > >Sent: Monday, February 05, 2001 10:21 PM
> > > >To: Pablo Vera; Php-Windows (E-mail)
> > > >Subject: RE: [PHP-WIN] Converting apostrophes for insertion
> > > into Oracle
> > > >
> > > >
> > > >Hi Pablo
> > > >
> > > >To answer your question, yes... It doesn't seem to like that
> > > >because the
> > > >field can be empty... for some reason Oracle won't allow you
> > > >to have an
> > > >empty field enclosed by two "'s... ORA-01741: illegal zero-length
> > > >identifier
> > > >
> > > >John
> > > >
> > > >> John:
> > > >>
> > > >> When you say that your SQL statement has apostrophes, you
> > > mean single
> > > >> quotes enclosing a string value ?, if this is the case, why not try
> > > >> changing the single quotes in your SQL for double quotes.
> > > >>
> > > >> Saludos,
> > > >> Pablo
> > > >> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> > > >>
> > > >> Monday, February 05, 2001, 3:03:21 PM, John wrote:
> > > >>
> > > >> AJ> I've got a web form that might have someone entering
> > > apostrophes.
> > > >> AJ> Unfortunately, my SQL statement has apostrophes in it and
> > > >> it seems to be
> > > >> AJ> messing it up...
> > > >>
> > > >> AJ> Any suggestions other than a regex (which I could do myself)?
> > > >>
> > > >> AJ> John
> > > >>
> > > >> AJ> ---------------------
> > > >> AJ> John Asendorf - [EMAIL PROTECTED]
> > > >> AJ> Web Applications Developer
> > > >> AJ> http://www.lcounty.com - NEW FEATURES ADDED DAILY!
> > > >> AJ> Licking County, Ohio, USA
> > > >> AJ> 740-349-3631
> > > >>
> > > >> AJ> The benefit to the government of replacing all $1 Federal
> > > >> Reserve notes with
> > > >> AJ> $1 coins would be $522.2 million per year, according to
> > > >> estimates of the
> > > >> AJ> General Accouting Office released on April 7, 2000.
> > > >>
--
Florian Clever
[EMAIL PROTECTED]
http://www.Clever-Software-Solutions.de/
PGP Key @ ldap://certserver.pgp.net/
Any sufficiently advanced bug is indistinguishable from a feature. --
Rich Kulawiec
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
