On Tue, 11 Jun 2002, Trevor Phillips wrote: > Date: Tue, 11 Jun 2002 13:27:53 +0800 > From: Trevor Phillips <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Problem with Escaping quotes > > I'm writing some routines which generate SQL queries, and I'm trying to > keep things generic. As such, I have a routine to SQL Escape some text, > such that it can be used in a query without breaking anything. This > routine predominantly consisted of preceeding all single quotes (') with > a backslash. ie; \' > > However, this method of escaping does not seem to work with some other > DBs (eg; Oracle), so it breaks when talking to other DBs. I changed my > routine to instead replace all single quotes (') with two single quotes > (''), which seems to be a more standard way of doing things. The routine > now works for Oracle, and mostly works for MySQL, but... > > The problems occur when you need to escape something like, for example: \' > If we use the double-quote method, then escaped, this becomes: \'' > For a DB which only supports the double-quote technique, internally > unescaping this replaces each double-single quote with one single quote: \' > For MySQL, however, it sees the \' as a single quote, and the second > single quote as closing the string (which means anything after it is > seen as SQL code). > > Any ideas on how I can resolve this problem, preferrably without > resorting to custom Escaping routines for different DBs?
How about translating each "\'" into "''", or escaping the "\"? Does Oracle understand "\\"? Is an occurrence of "\'" supposed to be an escaped "'" or a literal "\'"? Someone may have created the escape function you need; does the DB module of your language-of-choice have such a function? --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <mysql-unsubscribe-##L=##[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php