0

So I am getting my butt kicked this morning before break trying to insert AT&T, well the & in general, from a text box into MSSQL. My problem is im not getting a return of test or test2. I am also not sure if \& is what I need to return but I havent gotten that far. 

if (strpos($str, "&") !== FALSE){
    return "TEST";
    //return str_replace("&","\&",$str);
}else{
    return "Test2";
    //return $str;
}
user2136748
  • 65
  • 6
  • `htmlentities()` ? Also you question is very unclear, do you use: `mysql_*` or `mysqli_` or `PDO` ? – Rizier123 Dec 23 '14 at 15:56
  • 2
    If you're not getting a return of TEST or Test2, then it would imply your script is failing to even reach that point, indicating a potential error further up in your script execution. Have you enabled error logging on your server? – TommyBs Dec 23 '14 at 15:56
  • There's no reason you shouldn't be able to insert "&", particularly, into SQL Server. It's not a character that needs escaping. And SQL Server doesn't use backslashes for escaping. Let's see the rest of your code. – Matt Gibson Dec 23 '14 at 15:57
  • possible duplicate of [How to escape strings in SQL Server using PHP?](http://stackoverflow.com/questions/574805/how-to-escape-strings-in-sql-server-using-php) – Niels Keurentjes Dec 23 '14 at 15:57
  • 2
    there's no way you'd get neither return value. if `&` is in the string, you'd get test. if it's NOT in the string, you'd get `test2`. Regardless... done any basic debugging to see what's in the string, like `var_dump($str)`? Perhaps the string is url-encoded and the `&` is actually `%26`. – Marc B Dec 23 '14 at 15:58
  • It seems JSON.stringify() is where it is going badly for me on the & sign – user2136748 Dec 23 '14 at 16:22

0 Answers0