phpgroupware-developers
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Phpgroupware-developers] Help with quotes in sql statements

From: Heiko Verhelst
Subject: Re: [Phpgroupware-developers] Help with quotes in sql statements
Date: Thu, 14 Nov 2002 19:55:16 +0100
Take a look at the sourcecode of the notes application (class.so.inc.php I think). 
That uses the addslashes function.

At 20:14 13-11-02 +0000, you wrote:
Could someone help me with to change this sql statement from the addbook module, it 
has problems with names that include a single quote (like O'Sullivan)

$sql = 'UPDATE phpgw_addbook_person_main SET ';
$sql.= 'title = \''.$person['main']['title'].'\', ';
$sql.= 'last_name = \''.$person['main']['last_name'].'\', ';
$sql.= 'middle = \''.$person['main']['middle'].'\',';
$sql.= 'first_name = \''.$person['main']['first_name'].'\', ';
$sql.= 'birthday = \''.$birthday.'\', ';
$sql.= 'gender = \''.$person['main']['gender'].'\'';
$sql.= ' WHERE id = '.$id;

This doesn't work

$sql = "UPDATE phpgw_addbook_person_main SET ";
$sql.= "title = \"".$person['main']['title']."\", ";
$sql.= "last_name = \"".$person['main']['last_name']."\", ";
$sql.= "middle = \"".$person['main']['middle']."\",";
$sql.= "first_name = \"".$person['main']['first_name']."\", ";
$sql.= "birthday = \"".$birthday."\", ";
$sql.= "gender = \"".$person['main']['gender']."\"";
$sql.= " WHERE id = ".$id;



_______________________________________________
Phpgroupware-developers mailing list
address@hidden
http://mail.gnu.org/mailman/listinfo/phpgroupware-developers
reply via email to
[Prev in Thread] Current Thread [Next in Thread]