
I have been trying to find a way to get the same outcome as using mysql_real_escape_string. I know that sqlsrv does not have a command for escaping strings, but I need an escape-string function. Is there any command or method that escapes strings for sqlsrv? I tried addslashes, but it inserted the slashes into the database as well, which unfortunately is not what I wanted. I just want this escaping because some of the inputs to the database have special characters like ', which cause problems when inserting into the database. Thank you!

Jolene
  • http://stackoverflow.com/questions/574805/how-to-escape-strings-in-sql-server-using-php – Charlotte Dunois Aug 02 '14 at 08:59
  • Yes, there is - it is called [parameterized queries](http://stackoverflow.com/a/60496/2864740) (addslashes is *never* correct for SQL) – user2864740 Aug 02 '14 at 09:08
  • @CharlotteDunois: Thank you so much for the link! Apparently I think I did str_replace before, but did not do it correctly, hence the database showed double quotes. Following the solution given in it, I managed to insert it correctly. Thanks for your help! – Jolene Aug 04 '14 at 00:58
  • @user2864740 Yes, I found the solution already, but still, thank you! – Jolene Aug 04 '14 at 00:59
  • @Jolene Using a manual str_replace is also incorrect. – user2864740 Aug 04 '14 at 01:23
  • @user2864740 >< I see, because actually what I really wanted to ensure is that the ' quote can be inserted into the database. Using str_replace did achieve that, but as to how to escape strings... it's still a question to me. – Jolene Aug 05 '14 at 01:21

1 Answer


As a general rule, you'll want to use PDO for database access. It wraps the logic from various databases into a single API.

Not all files are included with PHP for using PDO. Specifically, you'll need the SqlSrv driver from Microsoft's site... however, version 3.0 only supports PHP 5.3 and 5.4. Older versions will need version 2.0.

PHP 5.5 needs an unofficial release modified from the source code on CodePlex.

Note: There do not seem to be driver files for other OSes.

You will need to add two files to php.ini for PDO support, but which two depends on whether PHP is compiled as thread-safe and which PHP version it is.

PDO contains methods both to do prepared statements (recommended) and to quote values.

Powerlord
  • Woah, I'm sorry but it's a little complicated for me. However, I tried str_replace and it worked perfectly. Thank you still! – Jolene Aug 04 '14 at 00:59
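
The prepared-statement approach recommended in the answer and in the comments on the question, as an added example that is not code from any poster on this page. It assumes an in-memory SQLite database (the pdo_sqlite extension) so that it runs offline; the table, column names and sample values are constructed, and with Microsoft's PDO driver only the DSN changes.

```php
<?php
// Added example. Assumption: in-memory SQLite stands in for SQL Server.
// With the PDO_SQLSRV driver installed only the DSN differs, e.g.
//   new PDO('sqlsrv:Server=HOST;Database=DBNAME', $user, $pass)
// where HOST and DBNAME are placeholders.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, note TEXT)');

// Constructed sample inputs containing the characters that break a
// string-concatenated INSERT: single quote, double quote, backslash,
// semicolon and comment marker.
$rows = array(
    array("O'Brien", 'said "it\'s fine"'),
    array("D'Arcy; -- trailing", 'path C:\\temp\\file'),
);

// Prepared statement: the SQL text is fixed and the values are sent as
// parameters, so quotes in the data never become part of the statement.
$insert = $pdo->prepare('INSERT INTO customers (name, note) VALUES (:name, :note)');
foreach ($rows as $row) {
    $insert->execute(array(':name' => $row[0], ':note' => $row[1]));
}

// Read each row back and check it is byte-for-byte what was submitted:
// no added slashes, no doubled quotes.
$select = $pdo->prepare('SELECT name, note FROM customers WHERE name = :name');
foreach ($rows as $row) {
    $select->execute(array(':name' => $row[0]));
    $stored = $select->fetch(PDO::FETCH_ASSOC);
    if ($stored === false || $stored['name'] !== $row[0] || $stored['note'] !== $row[1]) {
        throw new RuntimeException('round trip changed the value for: ' . $row[0]);
    }
    echo 'stored unchanged: ', $stored['name'], ' | ', $stored['note'], "\n";
}

// addslashes() is not SQL escaping: bound as a parameter, its backslash
// is stored as data, which is the symptom described in the question.
$insert->execute(array(':name' => addslashes("O'Brien"), ':note' => 'via addslashes'));
$check = $pdo->prepare('SELECT COUNT(*) FROM customers WHERE name = :name');
$check->execute(array(':name' => "O\\'Brien"));
echo 'rows stored with a literal backslash: ', $check->fetchColumn(), "\n";

// PDO::quote() is the driver-aware quoting the answer also mentions; it
// returns the value already wrapped in quotes for the active driver.
echo 'quoted for this driver: ', $pdo->quote("O'Brien"), "\n";
```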