Re: [Phpgroupware-developers] Help with quotes in sql statements


From: Chris Weiss
Subject: Re: [Phpgroupware-developers] Help with quotes in sql statements
Date: Thu, 14 Nov 2002 17:48:49 +0000

use addslashes()...

>$sql.= 'title = \''.addslashes($person['main']['title']).'\', ';
>$sql.= 'last_name = \''.addslashes($person['main']['last_name']).'\', ';
>$sql.= 'middle = \''.addslashes($person['main']['middle']).'\',';

and so on for any string var that takes user input.


Brian Johnson (address@hidden) wrote*:
>
>Could someone help me change this SQL statement from the addbook module? It
>has problems with names that include a single quote (like O'Sullivan).
>
>$sql = 'UPDATE phpgw_addbook_person_main SET ';
>$sql.= 'title = \''.$person['main']['title'].'\', ';
>$sql.= 'last_name = \''.$person['main']['last_name'].'\', ';
>$sql.= 'middle = \''.$person['main']['middle'].'\',';
>$sql.= 'first_name = \''.$person['main']['first_name'].'\', ';
>$sql.= 'birthday = \''.$birthday.'\', ';
>$sql.= 'gender = \''.$person['main']['gender'].'\'';
>$sql.= ' WHERE id = '.$id;
>
>This doesn't work
>
>$sql = "UPDATE phpgw_addbook_person_main SET ";
>$sql.= "title = \"".$person['main']['title']."\", ";
>$sql.= "last_name = \"".$person['main']['last_name']."\", ";
>$sql.= "middle = \"".$person['main']['middle']."\",";
>$sql.= "first_name = \"".$person['main']['first_name']."\", ";
>$sql.= "birthday = \"".$birthday."\", ";
>$sql.= "gender = \"".$person['main']['gender']."\"";
>$sql.= " WHERE id = ".$id;
>
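An added example, not part of the original messages and not phpGroupWare's own code: the same UPDATE run with bound parameters next to the `addslashes()` form. `addslashes()` escapes with a backslash, which only helps on databases that treat backslash as an escape character, and it does nothing for the unquoted `$id`. The PDO in-memory SQLite connection, the table schema and the sample values are assumptions constructed for the demonstration.

```php
<?php
// Added example. Assumptions: PDO with the sqlite driver, a constructed schema,
// and constructed sample data shaped like the $person array in the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE phpgw_addbook_person_main (
    id INTEGER PRIMARY KEY, title TEXT, last_name TEXT, middle TEXT,
    first_name TEXT, birthday TEXT, gender TEXT)');
$db->exec("INSERT INTO phpgw_addbook_person_main (id, last_name) VALUES (1, 'Smith')");

$person = ['main' => ['title' => 'Dr', 'last_name' => "O'Sullivan", 'middle' => '',
                      'first_name' => 'Sean', 'gender' => 'M']];
$birthday = '1970-01-01';
$id = '1'; // arrives as a string, like any request value

// 1) addslashes() emits \' but SQLite, following standard SQL, escapes a quote
//    by doubling it. The backslash form ends the string early and fails to parse.
$sql = 'UPDATE phpgw_addbook_person_main SET last_name = \''
     . addslashes($person['main']['last_name']) . '\' WHERE id = ' . (int) $id;
try {
    $db->exec($sql);
    echo "addslashes() query ran\n";
} catch (PDOException $e) {
    echo "addslashes() query rejected: ", $e->getMessage(), "\n";
}

// 2) Bound parameters: values travel separately from the SQL text, so no
//    quoting rule applies to them, and the numeric id is covered as well.
$stmt = $db->prepare('UPDATE phpgw_addbook_person_main SET title = :title,
    last_name = :last_name, middle = :middle, first_name = :first_name,
    birthday = :birthday, gender = :gender WHERE id = :id');
$stmt->execute([
    ':title'      => $person['main']['title'],
    ':last_name'  => $person['main']['last_name'],
    ':middle'     => $person['main']['middle'],
    ':first_name' => $person['main']['first_name'],
    ':birthday'   => $birthday,
    ':gender'     => $person['main']['gender'],
    ':id'         => (int) $id,
]);

// Read the row back to confirm the name was stored unmodified.
$check = $db->prepare('SELECT last_name FROM phpgw_addbook_person_main WHERE id = ?');
$check->execute([(int) $id]);
echo "stored last_name: ", $check->fetchColumn(), "\n";
```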




