On Fri, 7 Jan 2005 16:10:04 -0500, David McDowell <[EMAIL PROTECTED]> wrote: > This does not seem to work or meet our needs (escaping the apostrophe): > $Event = addslashes($_POST['event']); > > I hope I have given enough information for parsing. Anything you see > you can throw my way would be much appreciated. >
There are usually two solutions to the problem you're describing. The first is to turn magic-quotes on in your php.ini file. Then no special quoting is necessary for DB inserts, but you may need them at other points in time i.e. instead of adding quotes everywhere you insert into the database, you'll need them when you are not inserting into a database (i.e. writing to a file). If you make that change, make sure you test all your other PHP code for breakage. If magic_quotes_gpc is already on, you may need to change the quoting type. Look in the ini file for the word sybase. That should help you figure out which type of quoting you need. The second option is to use the DB specific escape_string function like mysql_escape_string. Unfortunately I don't see one for mssql. You are probably trying to use addslashes when magic_quotes are on, which ends up escaping the escapes, so instead of \' going into the SQL query, you'll have \\\'. -- Joseph Tate Personal e-mail: jtate AT dragonstrider DOT com Web: http://www.dragonstrider.com -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
