str_replace and SQL Server queries with PHP
I used to do ASP (vbscript) Programming, and have recently tried to start using PHP. I used to have a function in ASP that allowed to to replace ' with ''.
This was used for queries with a SQL Server database. I was just wondering if it is as easy to use something like this for PHP. I am aware of addslashes and stripslashes but it doesn't really serve the exact purpose I want.
Say I had a simple query like:
$dbTABLE = "Table_Name"; $query_sql = sprintf("UPDATE %s SET DataText = ('%s') WHERE PageID = '%d'", $dbTABLE, $PageHTML, $PageID);
Is there a way to wrap it in something like str_replace to tell it that all ' should be replaced with ''?
I know I could search for it with a SQL Server query, but it needs to be before the data from a textarea is put into the database.
Yes, you can use the str_replace function:
str_replace("'", "''", "Neil O'Brien")
The example code you posted would look like:
$dbTABLE = "Table_Name"; $query_sql = sprintf("UPDATE [%s] SET DataText = '%s' WHERE PageID = %d", $dbTABLE, str_replace("'", "''", $PageHTML), $PageID);
I suggest using some kind of library instead of building queries yourself.