SQL and Quotes

Anon

Hello,

How do I prepare a SQL insert query to handle single quotes, double quotes and other special chars there may be? Is there an inbuilt function to take care of this.

Please help.

Thanks :-)

trooper

Natalie

can you explain further what you mean - give an example of what of mean.

If i understand it correctly you want to know how do you get the SQL statement to handle insert queries like this

INSERT INTO table (name) VALUES 'o'shea' where O'shea is the value you need to put into the database.

If i'm right then you would need to "prepare" the data before it goes into the database.

This means you need to "escape" all special characters that would otherwise mess the SQL query.

Using the example above you do the following

$name = addslashes($name);

this would then set the SQL Insert query to be INSERT INTO table (name) VALUES 'o\'shea'.

that will work fine

For more information lookup the addslashes function in any good php bok

Gary Mailer