Re: [PHP] Addslashes problem (MSSQL)
MS-SQL doesn't escape with slashes. It escapes single quotes with single quotes. -- Lowell Allen From: Poon, Kelvin (Infomart) [EMAIL PROTECTED] Date: Thu, 20 Mar 2003 10:58:02 -0500 To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Subject: [PHP] Addslashes problem (MSSQL) Hi, I have a problem that lets you add a record to a database. THere is a problem with it, and the following is the area of the program where it has problem. $created_date = date('m, d, Y'); $title = strip_tags($title); $keywords = strip_tags($keywords); $content = strip_tags($content); $product = strip_tags($product); if (!get_magic_quotes_gpc()) { $title = addslashes($title); $keywords = addslashes($keywords); $product = addslashes($product); $content = addslashes($content); } $query = SELECT * FROM knowledgeBase; $result = mssql_query($query); $ID = mssql_num_rows($result); $ID += 1; $query2 = INSERT INTO knowledgeBase( ID, Title, Keywords, Content, [Created Date], [Updated Date], Product) VALUES( '.$ID.', '.$title.', '.$keywords.', '.$content.', '.$created_date.', 'Never', '.$product.'); $result2 = mssql_query($query2); where my $content value is osmethign like this. Step 1: Access the homepage Step 2: type in your username under the field 'username' and after the addslashes funciton there would be \ around the 'username' like this.. \'username\'and now after running this program I got an error message: Warning: MS SQL message: Line 14: Incorrect syntax near 'username'. (severity 15) in d:\apache_docroots\internal.infomart.ca\infodesk\kb_add.php on line 119 Warning: MS SQL: Query failed in d:\apache_docroots\internal.infomart.ca\infodesk\kb_add.php on line 119 does any body have any idea? I did the same thing with another problem but it worked fine. I have no idea what the problem is. I know I need to addslashes to the string since I am putting it in the valuable $query2..please advise.. THanks!. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Addslashes problem (MSSQL)
What do you mean by It escapes single quotes with single quotes.? so let's say my $content is lalal 'lalalal' lalala then what do I have to do to $content in order to insert to my MSSQL table? -Original Message- From: Lowell Allen [mailto:[EMAIL PROTECTED] Sent: Thursday, March 20, 2003 11:20 AM To: PHP Subject: Re: [PHP] Addslashes problem (MSSQL) MS-SQL doesn't escape with slashes. It escapes single quotes with single quotes. -- Lowell Allen From: Poon, Kelvin (Infomart) [EMAIL PROTECTED] Date: Thu, 20 Mar 2003 10:58:02 -0500 To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Subject: [PHP] Addslashes problem (MSSQL) Hi, I have a problem that lets you add a record to a database. THere is a problem with it, and the following is the area of the program where it has problem. $created_date = date('m, d, Y'); $title = strip_tags($title); $keywords = strip_tags($keywords); $content = strip_tags($content); $product = strip_tags($product); if (!get_magic_quotes_gpc()) { $title = addslashes($title); $keywords = addslashes($keywords); $product = addslashes($product); $content = addslashes($content); } $query = SELECT * FROM knowledgeBase; $result = mssql_query($query); $ID = mssql_num_rows($result); $ID += 1; $query2 = INSERT INTO knowledgeBase( ID, Title, Keywords, Content, [Created Date], [Updated Date], Product) VALUES( '.$ID.', '.$title.', '.$keywords.', '.$content.', '.$created_date.', 'Never', '.$product.'); $result2 = mssql_query($query2); where my $content value is osmethign like this. Step 1: Access the homepage Step 2: type in your username under the field 'username' and after the addslashes funciton there would be \ around the 'username' like this.. \'username\'and now after running this program I got an error message: Warning: MS SQL message: Line 14: Incorrect syntax near 'username'. (severity 15) in d:\apache_docroots\internal.infomart.ca\infodesk\kb_add.php on line 119 Warning: MS SQL: Query failed in d:\apache_docroots\internal.infomart.ca\infodesk\kb_add.php on line 119 does any body have any idea? I did the same thing with another problem but it worked fine. I have no idea what the problem is. I know I need to addslashes to the string since I am putting it in the valuable $query2..please advise.. THanks!. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Addslashes problem (MSSQL)[Scanned]
Kelvin, This link should be helpful: http://www.mysql.com/doc/en/String_syntax.html Regards, Michael Egan -Original Message- From: Poon, Kelvin (Infomart) [mailto:[EMAIL PROTECTED] Sent: 20 March 2003 16:21 To: 'Lowell Allen' Cc: [EMAIL PROTECTED] Subject: RE: [PHP] Addslashes problem (MSSQL)[Scanned] What do you mean by It escapes single quotes with single quotes.? so let's say my $content is lalal 'lalalal' lalala then what do I have to do to $content in order to insert to my MSSQL table? -Original Message- From: Lowell Allen [mailto:[EMAIL PROTECTED] Sent: Thursday, March 20, 2003 11:20 AM To: PHP Subject: Re: [PHP] Addslashes problem (MSSQL) MS-SQL doesn't escape with slashes. It escapes single quotes with single quotes. -- Lowell Allen From: Poon, Kelvin (Infomart) [EMAIL PROTECTED] Date: Thu, 20 Mar 2003 10:58:02 -0500 To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Subject: [PHP] Addslashes problem (MSSQL) Hi, I have a problem that lets you add a record to a database. THere is a problem with it, and the following is the area of the program where it has problem. $created_date = date('m, d, Y'); $title = strip_tags($title); $keywords = strip_tags($keywords); $content = strip_tags($content); $product = strip_tags($product); if (!get_magic_quotes_gpc()) { $title = addslashes($title); $keywords = addslashes($keywords); $product = addslashes($product); $content = addslashes($content); } $query = SELECT * FROM knowledgeBase; $result = mssql_query($query); $ID = mssql_num_rows($result); $ID += 1; $query2 = INSERT INTO knowledgeBase( ID, Title, Keywords, Content, [Created Date], [Updated Date], Product) VALUES( '.$ID.', '.$title.', '.$keywords.', '.$content.', '.$created_date.', 'Never', '.$product.'); $result2 = mssql_query($query2); where my $content value is osmethign like this. Step 1: Access the homepage Step 2: type in your username under the field 'username' and after the addslashes funciton there would be \ around the 'username' like this.. \'username\'and now after running this program I got an error message: Warning: MS SQL message: Line 14: Incorrect syntax near 'username'. (severity 15) in d:\apache_docroots\internal.infomart.ca\infodesk\kb_add.php on line 119 Warning: MS SQL: Query failed in d:\apache_docroots\internal.infomart.ca\infodesk\kb_add.php on line 119 does any body have any idea? I did the same thing with another problem but it worked fine. I have no idea what the problem is. I know I need to addslashes to the string since I am putting it in the valuable $query2..please advise.. THanks!. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Addslashes problem (MSSQL)
Read the user-contributed notes following the online manual info on addslashes: http://www.php.net/manual/en/function.addslashes.php -- Lowell Allen From: Poon, Kelvin (Infomart) [EMAIL PROTECTED] Date: Thu, 20 Mar 2003 11:20:51 -0500 To: 'Lowell Allen' [EMAIL PROTECTED] Cc: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Subject: RE: [PHP] Addslashes problem (MSSQL) What do you mean by It escapes single quotes with single quotes.? so let's say my $content is lalal 'lalalal' lalala then what do I have to do to $content in order to insert to my MSSQL table? -Original Message- From: Lowell Allen [mailto:[EMAIL PROTECTED] Sent: Thursday, March 20, 2003 11:20 AM To: PHP Subject: Re: [PHP] Addslashes problem (MSSQL) MS-SQL doesn't escape with slashes. It escapes single quotes with single quotes. -- Lowell Allen From: Poon, Kelvin (Infomart) [EMAIL PROTECTED] Date: Thu, 20 Mar 2003 10:58:02 -0500 To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Subject: [PHP] Addslashes problem (MSSQL) Hi, I have a problem that lets you add a record to a database. THere is a problem with it, and the following is the area of the program where it has problem. $created_date = date('m, d, Y'); $title = strip_tags($title); $keywords = strip_tags($keywords); $content = strip_tags($content); $product = strip_tags($product); if (!get_magic_quotes_gpc()) { $title = addslashes($title); $keywords = addslashes($keywords); $product = addslashes($product); $content = addslashes($content); } $query = SELECT * FROM knowledgeBase; $result = mssql_query($query); $ID = mssql_num_rows($result); $ID += 1; $query2 = INSERT INTO knowledgeBase( ID, Title, Keywords, Content, [Created Date], [Updated Date], Product) VALUES( '.$ID.', '.$title.', '.$keywords.', '.$content.', '.$created_date.', 'Never', '.$product.'); $result2 = mssql_query($query2); where my $content value is osmethign like this. Step 1: Access the homepage Step 2: type in your username under the field 'username' and after the addslashes funciton there would be \ around the 'username' like this.. \'username\'and now after running this program I got an error message: Warning: MS SQL message: Line 14: Incorrect syntax near 'username'. (severity 15) in d:\apache_docroots\internal.infomart.ca\infodesk\kb_add.php on line 119 Warning: MS SQL: Query failed in d:\apache_docroots\internal.infomart.ca\infodesk\kb_add.php on line 119 does any body have any idea? I did the same thing with another problem but it worked fine. I have no idea what the problem is. I know I need to addslashes to the string since I am putting it in the valuable $query2..please advise.. THanks!. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php