Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

mysql_real_escape_string function for MS SQL?

Status
Not open for further replies.
irbk

irbk

MIS
Oct 20, 2004
578
US
I've used PHP w/MySQL with great sucess in the past. Now I'm trying to convert some of my code to use SQL instead. I have a function...

function escape_data ($data) { // Create a function for escaping the data.
global $dbc; // Need the connection.
if (ini_get('magic_quotes_gpc')) {
$data = stripslashes($data);
}
return mysql_real_escape_string($data, $dbc);
}

Works very well for escaping data in MySQL. I'd like to use the same function in MS-SQL however I didn't see anything in the Doc's on php.net. Does a function like this exist for MSSQL?

Thanks in advance!
 
Sort by date Sort by votes
Any one have a function built to clean up input that will work with MS SQL?
 
Upvote 0 Downvote
Personaly I cant see why your existing function wouldn't actually work perfectly for ms-sql the way it stands, afaik the charcters to be escaped would be the same ?

______________________________________________________________________
There's no present like the time, they say. - Henry's Cat.
 
Upvote 0 Downvote
There is however one drawback ...

the_manual said:
Note: A MySQL connection is required before using mysql_real_escape_string()
Click to expand...

Hmm, a flaw in the best of plans.

______________________________________________________________________
There's no present like the time, they say. - Henry's Cat.
 
Upvote 0 Downvote
but such connection is not required for mysql_escape_string.

for the real_escape_string a connection is required so that php can discern the character set that is in use.

i don't use mssql myself so can't comment on whether mysql escaping will work on mssql.
 
Upvote 0 Downvote
I can tell you that as it stands the mysql_real_escape_string does not work with MS-SQL. Probally as is noted above, because a mysql connection is required to determine the character set.
 
Upvote 0 Downvote
i suspect that is the case.

i believe (on very little evidence) that mssql does not need to have any characters escaped other than the single quote and that the escape character is another single quote.

ie. john's becomes john''s

so this is as simple as
Code: 
$escaped_text = str_replace("'", "''", $text);

note that you need to undo the horrors of magic quotes first of course:
Code: 
if (get_magic_quotes_gpc()) {
 $val = stripslashes($val);
}
and if you have magic_quotes_runtime switched on you ought (to be shot) to switch it off at the beginning of your script
Code: 
set_magic_quotes_runtime(0);
 
Upvote 0 Downvote
I'm using tinymce to input the data into the var's. I *think* tinymce might already escape the single quote. Have to test that out....
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

lexer
  • Locked
  • Question
Join two mysql tables for populate datatable
Replies
3
Views
280
spamjim
spamjim
waubain
  • Locked
  • Question
Delete all of todays files in folder except for file dated closest to 12 noon
Replies
1
Views
172
waubain
waubain
coldbohemia
  • Locked
  • Question
network folder inaccessible from php is_dir function
Replies
2
Views
286
coldbohemia
coldbohemia
lexer
  • Locked
  • Question
Fetching Data from Mysql and filling Inputs in a Form
Replies
0
Views
165
lexer
lexer
Gerrit Broekhuis
  • Locked
  • Question
PHP form with captcha and file upload
Replies
4
Views
222
Gerrit Broekhuis
Gerrit Broekhuis

Part and Inventory Search

Sponsor

Back
Top