PHP :: Bug #4964 :: inserting "special" data fails

Bug #4964	inserting "special" data fails
Submitted:	2000-06-11 21:31 UTC	Modified:	2000-06-11 22:48 UTC
From:	fredo at pandora dot be	Assigned:
Status:	Closed	Package:	ODBC related
PHP Version:	4.0.0 Release	OS:	NT4/Apache1.3.12
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	fredo at pandora dot be
New email:
PHP Version:		OS:

New Comment:

[2000-06-11 21:31 UTC] fredo at pandora dot be

Ok, here goes, I don't think this is a real bug, but I can't find a solution for it,

$db_query  = "INSERT INTO UserInfo (Name, Email) ".
             "VALUE ('$username', '$email')";
$db_result = odbc_exec($db_conn, $db_query);

This works smoothly as long as no value contains a "special" sign. Example,

$username="Olivier D'hooghe"

Several people told me to use addslashes() but that doesn't solve it, here follows the error message,

Warning: SQL error: [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression ''Olivier D\'Hooghe', 'oli@home.net')'., SQL state 37000 in SQLExecDirect in common.php on line 101

The problem is the <'> in the username. I'm stuck.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2000-06-11 22:27 UTC] stas at cvs dot php dot net

This is not PHP error. Try finding how Access escapes quotes (double quote?)

[2000-06-11 22:48 UTC] fredo at pandora dot be

<?
  $username = "Olivier D'hooghe";
  $username = ereg_replace("'", "''", $username);
  echo $username;
?>

Solves it...

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sun Jul 06 05:01:37 2025 UTC