| Malcolm Dew-Jones 2005-08-15, 8:23 pm |
| Joel (joel@ecsnj.com) wrote:
: I realize there are many ways to handle Apostrophes in sql statements. The
: problem I'm having is comparing a string with an Apostrophe entered by the
: operator against the field in the DB (ie Field: Customer Name against
: entered name by operator which includes an apostrophe). The function I use
: works well with the string (what it does is replaces the Apostrophe with two
: Apostrophes thus allowing the sql statement to work). However, how can you
: get a comparable function to handle the field in the Sql statement? I'm
: using MySql.
I'm a tiny bit confused, but perhaps the following will help.
In php I use "mysql_escape_string()" to create a value that can be used
directly in an sql statement.
$Qval = mysql_escape_string($val);
$sql = "SELECT * FROM TBL WHERE MY_COL = '$Qval'";
I don't worry about quotes or anything else cause the escape function does
that.
In Perl using DBI you would use the
"$quoted_string = $dbh->quote($string);" utility method in the same way.
Other languages and interfaces often have similar functions.
If you're typing the queries by hand (so to speak) then try
google: "mysql escaping string values" to get a list of ways to escape
things in strings within mysql.
--
This space not for rent.
|
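An added example, not part of the original post: it shows that only the literal placed in the SQL text needs its apostrophes handled, while the column being compared is left untouched, and that a bound parameter gives the same match with no escaping at all. It uses Python's sqlite3 as an offline stand-in for MySQL; the table, column and sample names are constructed for illustration.

```python
import sqlite3

def double_apostrophes(value):
    """The approach from the question: double each apostrophe in the literal."""
    return value.replace("'", "''")

def build_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, customer_name TEXT)")
    db.executemany(
        "INSERT INTO customers (customer_name) VALUES (?)",
        [("O'Brien",), ("Smith",), ("D'Angelo's Deli",)],
    )
    return db

def find_by_escaping(db, name):
    # Only the literal written into the SQL text is escaped; the column is left alone.
    sql = ("SELECT customer_name FROM customers WHERE customer_name = '%s'"
           % double_apostrophes(name))
    return [row[0] for row in db.execute(sql)]

def find_by_binding(db, name):
    # Bound parameter: the value never becomes part of the SQL text.
    sql = "SELECT customer_name FROM customers WHERE customer_name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

def find_unescaped(db, name):
    # Raw concatenation: an apostrophe ends the literal early and parsing fails.
    sql = "SELECT customer_name FROM customers WHERE customer_name = '%s'" % name
    try:
        return [row[0] for row in db.execute(sql)]
    except sqlite3.OperationalError as exc:
        return "error: %s" % exc

if __name__ == "__main__":
    db = build_db()
    for finder in (find_by_escaping, find_by_binding, find_unescaped):
        print(finder.__name__, finder(db, "O'Brien"))
```

The stored value keeps its single apostrophe in every case; the doubling exists only inside the SQL text and is consumed by the parser.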