You can always do something like:

    $MyPossiblyProblematicString = addslashes($MyPossiblyProblematicString);

before you put it in the query, or use magic_quotes_gpc:

    Sets the magic_quotes state for GPC (Get/Post/Cookie) operations. When magic_quotes are on, all ' (single-quote), " (double quote), \ (backslash) and NUL's are escaped with a backslash automatically. If magic_quotes_sybase is also on, a single-quote is escaped with a single-quote instead of a backslash.

Sincerely

berber

Visit http://www.weberdev.com/ Today!!!
To see where PHP might take you tomorrow.

-----Original Message-----
From: John W. Long [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 06, 2002 5:00 AM
To: [EMAIL PROTECTED]
Subject: [PHP-DB] SQL newbie

Hi,

I'm using the following statements to insert a record into a table:

    $SQL_Exec_String = "Insert Into Messages (ReplyID,Subject,Sender,Email,Message,Reviewed) Values ($ReplyID,'$Subject','$Sender','$Email','$Message',$Reviewed)";
    $cur = odbc_exec( $cnx, $SQL_Exec_String );

This works great except when I have a string like "don\'t get in my way" which has an apostrophe in it and causes the statement to get confused. It seems to me that SQL should have an escape sequence of some kind.

Can someone get me pointed in the right direction?

Thanks!

___________________
John Long
www.wiseheart.20m.com

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
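
An added example, not part of the original messages: the insert from the question written with bound parameters, next to the string-built form with addslashes() applied. It assumes PDO with an in-memory SQLite database in place of the ODBC connection so that it runs offline; the table layout and sample values are constructed.

```php
<?php
// Added example: PDO + in-memory SQLite stands in for the ODBC connection
// in the question. Table layout and sample values are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Messages (ReplyID INTEGER, Subject TEXT, Sender TEXT,
                                  Email TEXT, Message TEXT, Reviewed INTEGER)');

$row = [0, "Re: hello", "O'Brien", "obrien@example.com", "don't get in my way", 0];

// 1. Bound parameters: values travel separately from the SQL text, so quotes
//    in them are never parsed as SQL and need no escaping at all.
function insertBound(PDO $db, array $row): void
{
    $stmt = $db->prepare('INSERT INTO Messages
        (ReplyID, Subject, Sender, Email, Message, Reviewed)
        VALUES (?, ?, ?, ?, ?, ?)');
    $stmt->execute($row);
}

// 2. The string-built statement from the question, with addslashes() applied.
//    Backslash is not a string escape in standard SQL (SQLite included), so
//    the embedded quote still ends the literal.
function insertConcatenated(PDO $db, array $row): void
{
    [$replyId, $subject, $sender, $email, $message, $reviewed] =
        array_map(fn($v) => is_int($v) ? $v : addslashes($v), $row);
    $db->exec("INSERT INTO Messages (ReplyID,Subject,Sender,Email,Message,Reviewed)
               Values ($replyId,'$subject','$sender','$email','$message',$reviewed)");
}

insertBound($db, $row);
$stored = $db->query('SELECT Sender, Message FROM Messages')->fetch(PDO::FETCH_NUM);
echo "bound insert stored: {$stored[0]} / {$stored[1]}\n";

try {
    insertConcatenated($db, $row);
    echo "concatenated insert succeeded\n";
} catch (PDOException $e) {
    echo "concatenated insert failed: {$e->getMessage()}\n";
}
```

With the ODBC extension used in the question, the same bound-parameter pattern is odbc_prepare() followed by odbc_execute().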