I'm writing some routines which generate SQL queries, and I'm trying to keep things generic. As such, I have a routine to SQL Escape some text, such that it can be used in a query without breaking anything. This routine predominantly consisted of preceding all single quotes (') with a backslash, i.e. \'
However, this method of escaping does not seem to work with some other DBs (e.g. Oracle), so it breaks when talking to other DBs. I changed my routine to instead replace all single quotes (') with two single quotes (''), which seems to be a more standard way of doing things. The routine now works for Oracle, and mostly works for MySQL, but...

The problems occur when you need to escape something like, for example:

    \'

If we use the double-quote method, then escaped, this becomes:

    \''

For a DB which only supports the double-quote technique, internally unescaping this replaces each double-single quote with one single quote:

    \'

For MySQL, however, it sees the \' as a single quote, and the second single quote as closing the string (which means anything after it is seen as SQL code).

Any ideas on how I can resolve this problem, preferably without resorting to custom Escaping routines for different DBs?

--
Trevor Phillips - http://jurai.murdoch.edu.au/
Web Technical Administrator - [EMAIL PROTECTED]
IT Services - Murdoch University

On nights such as this, evil deeds are done. And good deeds, of course. But mostly evil, on the whole.
    -- (Terry Pratchett, Wyrd Sisters)
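Added example (not part of the original post): a simplified model of how the two literal syntaxes read the poster's \' value, showing that neither escaping routine round-trips under both, while a bound parameter needs no escaping. The function names and the trailing SQL are hypothetical, and Python's built-in sqlite3 stands in for a MySQL or Oracle driver.

```python
import sqlite3

def escape_doubling(text):
    """The generic routine from the post: double every single quote."""
    return text.replace("'", "''")

def escape_mysql_default(text):
    """Dialect-specific variant: double backslashes too (MySQL default mode)."""
    return text.replace("\\", "\\\\").replace("'", "''")

def read_literal(sql, backslash_escapes):
    """Simplified model of a server reading one quoted literal.
    backslash_escapes=False: standard SQL (Oracle), only '' is an escape.
    backslash_escapes=True: MySQL default mode, backslash escapes next char."""
    if not sql.startswith("'"):
        raise ValueError("expected opening quote")
    out, i = [], 1
    while i < len(sql):
        c = sql[i]
        if backslash_escapes and c == "\\" and i + 1 < len(sql):
            out.append(sql[i + 1])  # simplified: ignores \n, \t, \0 ...
            i += 2
        elif c == "'" and sql[i + 1:i + 2] == "'":
            out.append("'")
            i += 2
        elif c == "'":
            return "".join(out), sql[i + 1:]
        else:
            out.append(c)
            i += 1
    raise ValueError("unterminated string literal")

TAIL = " AND active = 1"  # constructed SQL that follows the literal

def round_trips(value, escape, backslash_escapes):
    """True if the server sees exactly `value` and the SQL tail is intact."""
    try:
        parsed, rest = read_literal("'" + escape(value) + "'" + TAIL, backslash_escapes)
    except ValueError:
        return False
    return parsed == value and rest == TAIL

def bound_round_trip(value):
    """Bind parameter: the value is sent as data, never parsed as SQL text."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE t (v TEXT)")
    con.execute("INSERT INTO t (v) VALUES (?)", (value,))
    return con.execute("SELECT v FROM t").fetchone()[0] == value
```

For the value \' the doubling routine round-trips only under the standard-SQL model and the backslash-aware routine only under the MySQL model, which is why the escaping has to be dialect-specific unless the value is bound as a parameter.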