PHP :: Bug #4964 :: inserting "special" data fails

Bug #4964	inserting "special" data fails
Submitted:	2000-06-11 21:31 UTC	Modified:	2000-06-11 22:48 UTC
From:	fredo at pandora dot be	Assigned:
Status:	Closed	Package:	ODBC related
PHP Version:	4.0.0 Release	OS:	NT4/Apache1.3.12
Private report:	No	CVE-ID:	None

View Developer Edit

[2000-06-11 21:31 UTC] fredo at pandora dot be

Ok, here goes, I don't think this is a real bug, but I can't find a solution for it,

$db_query  = "INSERT INTO UserInfo (Name, Email) ".
             "VALUE ('$username', '$email')";
$db_result = odbc_exec($db_conn, $db_query);

This works smoothly as long as no value contains a "special" sign. Example,

$username="Olivier D'hooghe"

Several people told me to use addslashes() but that doesn't solve it, here follows the error message,

Warning: SQL error: [Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression ''Olivier D\'Hooghe', 'oli@home.net')'., SQL state 37000 in SQLExecDirect in common.php on line 101

The problem is the <'> in the username. I'm stuck.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2000-06-11 22:27 UTC] stas at cvs dot php dot net

This is not PHP error. Try finding how Access escapes quotes (double quote?)

[2000-06-11 22:48 UTC] fredo at pandora dot be

<?
  $username = "Olivier D'hooghe";
  $username = ereg_replace("'", "''", $username);
  echo $username;
?>

Solves it...

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Fri Dec 19 08:00:01 2025 UTC