I'm writing some routines which generate SQL queries, and I'm trying to
keep things generic. As such, I have a routine to SQL Escape some text,
such that it can be used in a query without breaking anything. This
routine predominantly consisted of preceding all single quotes (') with
a backslash, i.e. \'
However, this method of escaping does not seem to work with some other
DBs (e.g. Oracle), so it breaks when talking to other DBs. I changed my
routine to instead replace all single quotes (') with two single quotes
(''), which seems to be a more standard way of doing things. The routine
now works for Oracle, and mostly works for MySQL, but...
The problems occur when you need to escape something like, for example: \'
If we use the double-quote method, then escaped, this becomes: \''
For a DB which only supports the double-quote technique, internally
unescaping this replaces each double-single quote with one single quote: \'
For MySQL, however, it sees the \' as a single quote, and the second
single quote as closing the string (which means anything after it is
seen as SQL code).
Any ideas on how I can resolve this problem, preferably without
resorting to custom Escaping routines for different DBs?
--
. Trevor Phillips - http://jurai.murdoch.edu.au/ .
: Web Technical Administrator - [EMAIL PROTECTED] :
| IT Services - Murdoch University |
>--------------------------------------------------------------------<
| On nights such as this, evil deeds are done. And good deeds, of /
| course. But mostly evil, on the whole. /
\ -- (Terry Pratchett, Wyrd Sisters) /
---------------------------------------------------------------------
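An added example, not part of the original post: a small Python model of the two string-literal grammars described above, showing why quote doubling alone round-trips when only '' is an escape but not when backslash is also an escape. The function names, the sample value a\'b and the trailing " AND x = 1" are constructed for illustration, and read_literal is a simplified reader, not any server's real parser.

```python
def escape_doubling(text):
    """Double single quotes only (the second routine described in the post)."""
    return text.replace("'", "''")


def escape_for_dialect(text, backslash_escapes):
    """Double quotes; also double backslashes when the server treats \\ as an escape."""
    if backslash_escapes:
        text = text.replace("\\", "\\\\")
    return text.replace("'", "''")


def read_literal(sql, backslash_escapes):
    """Read one '...' literal from the start of sql.

    Returns (decoded_value, remainder_that_would_be_parsed_as_sql).
    """
    if not sql.startswith("'"):
        raise ValueError("expected opening quote")
    out, i = [], 1
    while i < len(sql):
        ch = sql[i]
        if backslash_escapes and ch == "\\" and i + 1 < len(sql):
            out.append(sql[i + 1])  # simplified: \x yields x (no \n, \t handling)
            i += 2
        elif ch == "'":
            if sql[i + 1:i + 2] == "'":  # '' is one literal quote
                out.append("'")
                i += 2
            else:
                return "".join(out), sql[i + 1:]  # closing quote reached
        else:
            out.append(ch)
            i += 1
    raise ValueError("unterminated string literal")


def round_trip(value, escape, backslash_escapes, tail=" AND x = 1"):
    """Embed value in a quoted literal followed by trusted SQL, then read it back."""
    sql = "'" + escape(value) + "'" + tail
    return read_literal(sql, backslash_escapes)


if __name__ == "__main__":
    value = "a\\'b"  # constructed sample: a, backslash, quote, b
    print(round_trip(value, escape_doubling, backslash_escapes=False))
    print(round_trip(value, escape_doubling, backslash_escapes=True))
    print(round_trip(value, lambda t: escape_for_dialect(t, True), True))
```

Bound parameters (placeholders) avoid the dialect question altogether, because the value is never spliced into the SQL text.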