Kelvin, This link should be helpful:
http://www.mysql.com/doc/en/String_syntax.html Regards, Michael Egan -----Original Message----- From: Poon, Kelvin (Infomart) [mailto:[EMAIL PROTECTED] Sent: 20 March 2003 16:21 To: 'Lowell Allen' Cc: [EMAIL PROTECTED] Subject: RE: [PHP] Addslashes problem (MSSQL)[Scanned] What do you mean by "It escapes single quotes with single quotes."? so let's say my $content is lalal 'lalalal' "lalala" then what do I have to do to $content in order to insert to my MSSQL table? -----Original Message----- From: Lowell Allen [mailto:[EMAIL PROTECTED] Sent: Thursday, March 20, 2003 11:20 AM To: PHP Subject: Re: [PHP] Addslashes problem (MSSQL) MS-SQL doesn't escape with slashes. It escapes single quotes with single quotes. -- Lowell Allen > From: "Poon, Kelvin (Infomart)" <[EMAIL PROTECTED]> > Date: Thu, 20 Mar 2003 10:58:02 -0500 > To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> > Subject: [PHP] Addslashes problem (MSSQL) > > Hi, > > I have a problem that lets you add a record to a database. THere is a > problem with it, and the following is the area of the program where it has > problem. > > ---- > > $created_date = date('m, d, Y'); > > $title = strip_tags($title); > $keywords = strip_tags($keywords); > $content = strip_tags($content); > $product = strip_tags($product); > > > if (!get_magic_quotes_gpc()) { > $title = addslashes($title); > $keywords = addslashes($keywords); > $product = addslashes($product); > $content = addslashes($content); > } > > $query = "SELECT * FROM knowledgeBase"; > $result = mssql_query($query); > > $ID = mssql_num_rows($result); > $ID += 1; > > $query2 = "INSERT INTO knowledgeBase( > ID, > Title, > Keywords, > Content, > [Created Date], > [Updated Date], > Product) > VALUES( > '".$ID."', > '".$title."', > '".$keywords."', > '".$content."', > '".$created_date."', > 'Never', > '".$product."')"; > $result2 = mssql_query($query2); > > ---- > > where my $content value is osmethign like this. > > "Step 1: Access the homepage > Step 2: type in your username under the field 'username' " > > and after the addslashes funciton there would be \ around the 'username' > like this.. > \'username\'....and now after running this program I got an error message: > > Warning: MS SQL message: Line 14: Incorrect syntax near 'username'. > (severity 15) in d:\apache_docroots\internal.infomart.ca\infodesk\kb_add.php > on line 119 > > Warning: MS SQL: Query failed in > d:\apache_docroots\internal.infomart.ca\infodesk\kb_add.php on line 119 > > > > does any body have any idea? I did the same thing with another problem but > it worked fine. I have no idea what the problem is. I know I need to > addslashes to the string since I am putting it in the valuable > $query2......please advise.. > > THanks!. > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
