#1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2002
    Location
    Denmark
    Posts
    32
    Rep Power
    17

    Invalid characters in SQL query strings


    Hello all....

    When I insert string values into text fields using a SQL statement, I have to replace all apostrophes in the string value with \' to avoid a syntax error - however, it seems like there are other invalid characters but ' that needs to be replaced with something else....

    Can anyone tell me how to replace characters in a string so that the string can be inserted directly into a SQL statement? E.g. a list of "invalid" characters and what to replace them with would be perfect.

    Thanks in advance

    Yoel Pedersen
  2. #2
  3. busy...is there any other way?
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2001
    Location
    Amersfoort, Netherlands
    Posts
    259
    Rep Power
    17
    inserting a variable in your db (when using php) you can use the function addslashes() on the variable you're inserting.

    Now when you select the result from your db, use stripslashes() to make it clean again.

    Goodluck

IMN logo majestic logo threadwatch logo seochat tools logo