0

I used to do ASP (vbscript) Programming, and have recently tried to start using PHP. I used to have a function in ASP that allowed to to replace ' with ''.

This was used for queries with a SQL Server database. I was just wondering if it is as easy to use something like this for PHP. I am aware of addslashes and stripslashes but it doesn't really serve the exact purpose I want.

Say I had a simple query like:

$dbTABLE = "Table_Name";
$query_sql = sprintf("UPDATE %s SET DataText = ('%s') WHERE PageID = '%d'",
$dbTABLE,
$PageHTML,
$PageID);

Is there a way to wrap it in something like str_replace to tell it that all ' should be replaced with ''?

I know I could search for it with a SQL Server query, but it needs to be before the data from a textarea is put into the database.

Improve this question

1 Answer 1

Reset to default
2

Yes, you can use the str_replace function:

str_replace("'", "''", "Neil O'Brien")

The example code you posted would look like:

$dbTABLE = "Table_Name";
$query_sql = sprintf("UPDATE [%s] SET DataText = '%s' WHERE PageID = %d",
$dbTABLE,
str_replace("'", "''", $PageHTML),
$PageID);

I suggest using some kind of library instead of building queries yourself.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.