Escaping function wiping all data from text fields/areas

I am attempting to replace ' with '' for error reasons within MSSQL queries. I understand that it could be more secure, I am just learning and they will get more secure.

So I used str_replace and did this:

$dbTABLE = "Table_Name";
$query_sql = sprintf("UPDATE %s SET PageHTML = ('%s') WHERE PageID = '%d'",
    $dbTABLE,
    str_replace("'","''",$PageHTML),
    $PageID);

Worked fine, but for consistency and ease of use I want to write a function I could just include in all pages. Function looks like this:

function SQLencode($svalue) {
    str_replace("'","''",$svalue);
}

and implemented like this:

SQLencode($PageHTML),

However this just wipes all data from the query, I don't understand why. All my data is just blank afterwards. Can anyone tell me where I am going wrong?

Answers


You need to return the value from the function SQLencode(..).

function SQLencode($svalue) {
    return str_replace("'","''",$svalue);
}
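
The following is an added example, not code from the original question or answer. It shows why the version without `return` blanks the column, and goes one step beyond the answer by binding the values through a prepared statement instead of escaping quotes by hand. The names `SQLencodeBroken`, `SQLencodeFixed`, `updatePage` and the `Pages` table are hypothetical, and an in-memory SQLite database (PDO with the pdo_sqlite extension) stands in for MSSQL so the script runs offline.

```php
<?php
// Added example; function names and the Pages table are hypothetical.
// SQLite in memory stands in for MSSQL (assumption: pdo_sqlite is loaded).

// The question's version: the str_replace() result is discarded, so the
// function returns NULL, which sprintf('%s') renders as an empty string.
function SQLencodeBroken($svalue) {
    str_replace("'", "''", $svalue);
}

// The answer's version: the escaped string is returned to the caller.
function SQLencodeFixed($svalue) {
    return str_replace("'", "''", $svalue);
}

// Parameterized alternative: values are bound, never spliced into the SQL.
// Identifiers cannot be bound, so the table name is checked against a list.
function updatePage(PDO $db, string $table, string $html, int $id): int {
    $allowed = ['Pages'];
    if (!in_array($table, $allowed, true)) {
        throw new InvalidArgumentException("unknown table: $table");
    }
    $stmt = $db->prepare("UPDATE $table SET PageHTML = :html WHERE PageID = :id");
    $stmt->bindValue(':html', $html, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

$PageHTML = "<p>It's a test</p>";   // constructed sample input

// Compare what each helper hands to sprintf().
var_dump(SQLencodeBroken($PageHTML));
printf("broken: [%s]\n", SQLencodeBroken($PageHTML));
printf("fixed:  [%s]\n", SQLencodeFixed($PageHTML));

// Round-trip the same value through a bound parameter.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE Pages (PageID INTEGER PRIMARY KEY, PageHTML TEXT)");
$db->exec("INSERT INTO Pages (PageID, PageHTML) VALUES (1, 'old')");

updatePage($db, 'Pages', $PageHTML, 1);
$stored = $db->query("SELECT PageHTML FROM Pages WHERE PageID = 1")->fetchColumn();
var_dump($stored === $PageHTML);   // stored text compared with the input
```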
