Re: mysql Digest 11 Jun 2002 13:45:36 -0000 Issue 1945

Tue, 11 Jun 2002 16:05:42 -0700 

On Tue, 11 Jun 2002, Trevor Phillips wrote:

> Date: Tue, 11 Jun 2002 13:27:53 +0800
> From: Trevor Phillips <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Problem with Escaping quotes
> 
> I'm writing some routines which generate SQL queries, and I'm trying to
> keep things generic. As such, I have a routine to SQL Escape some text,
> such that it can be used in a query without breaking anything. This
> routine predominantly consisted of preceeding all single quotes (') with
> a backslash. ie;   \'
> 
> However, this method of escaping does not seem to work with some other
> DBs (eg; Oracle), so it breaks when talking to other DBs. I changed my
> routine to instead replace all single quotes (') with two single quotes
> (''), which seems to be a more standard way of doing things. The routine
> now works for Oracle, and mostly works for MySQL, but...
> 
> The problems occur when you need to escape something like, for example:   \'
> If we use the double-quote method, then escaped, this becomes: \''
> For a DB which only supports the double-quote technique, internally
> unescaping this replaces each double-single quote with one single quote: \'
> For MySQL, however, it sees the \' as a single quote, and the second
> single quote as closing the string (which means anything after it is
> seen as SQL code).
> 
> Any ideas on how I can resolve this problem, preferrably without
> resorting to custom Escaping routines for different DBs?

How about translating each "\'" into "''", or escaping the "\"?  Does 
Oracle understand "\\"?  Is an occurrence of "\'" supposed to be an 
escaped "'" or a literal "\'"?  Someone may have created the escape
function you need; does the DB module of your language-of-choice have
such a function?



---------------------------------------------------------------------
Before posting, please check:
   http://www.mysql.com/manual.php   (the manual)
   http://lists.mysql.com/           (the list archive)

To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <mysql-unsubscribe-##L=##[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php

Reply via email to