Re: [sqlite] Single quotes are causing misery

Thu, 17 Mar 2005 05:59:25 -0800 

Are you using the SQLite .NET provider?  Just curious, anyway, SQLite also
supports using [ ] instead of  " " and believe me it's a good thing, using
" " as delimiters is a poor choice considering this conflicts with almost
all languages when it comes to string concatenation. In fact, I recommend
use [ ] over " " all of the time, however, the SQLite .NET managed driver
has issues with the [ ] delimiter style.


> I've nearly completed converting Wheatblog to sqlite.  It's been quite a
> learning experience!  I've come across a problem I haven't been able to
> figure out, though.
>
> Whenever I made a blog post that had a forward quote character (') in
> either
> the title or the body of the post, I'd get an error.
>
> After a little Googling, I changed my query to:
>
>
>       $query = "INSERT INTO $database_table
>          (id, day, month, date, year, category, title, body, showpref)
>          VALUES (null,
>          '" . sqlite_escape_string($_POST['the_day'])      . "',
>          '" . sqlite_escape_string($_POST['the_month'])    . "',
>          '" . sqlite_escape_string($_POST['the_date'])     . "',
>          '" . sqlite_escape_string($_POST['the_year'])     . "',
>          '" . sqlite_escape_string($_POST['the_category']) . "',
>          '" . sqlite_escape_string($_POST['the_title'])    . "',
>          '" . sqlite_escape_string($_POST['the_body'])     . "',
>          '" . sqlite_escape_string($_POST['the_showpref']) . "')";
>
>       DB_query($query, $db);
>
> and the definition of DB_query is:
>
>
>    function DB_query($cmd, $db)
>    {
>       $retval = sqlite_query($db, "$cmd")
>          or die('Query Error: ' .
> sqlite_error_string(sqlite_last_error($db)));
>
>       return $retval;
>    }
>
> This works in the sense that forward quotes no longer generate an error.
> However, whenever I print out a blog post, the forward quotes are all
> escaped.   So if I post:
>
>    This contains a ' character.
>
> The post, when printed looks like:
>
>    This contains a \' character.
>
> What's the proper way to ensure that ' characters are properly quoted but
> don't show up in the output?
>
> Thanks!
> Pete
>
> --
> Save Star Trek Enterprise from extinction: http://www.saveenterprise.com
>
> GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E  70A9 A3B9 1945 67EA 951D
>

Reply via email to