I am looking for a function similar to mysql_real_escape_string for the SQLSRV library.

Specifically, I'm having difficulties escaping single quotation marks. Instead of escaping with a "\" like in MySQL, you use a single quote in front of the other single quote as the escape method.

I'm working on coming up with a solution of my own using preg_replace but was just wondering if there was something else out there I was missing.

muzaffar
Conner
  • I've found a solution using preg_replace: `$pattern = "/'/"; $replacement = "''"; $output = preg_replace($pattern, $replacement, $input);` – Conner Mar 12 '12 at 16:19

1 Answer

I would recommend using an abstraction layer like http://php.net/pdo, http://www.doctrine-project.org/ or http://www.propelorm.org/

With PDO, for example, you can use http://php.net/manual/en/pdo.quote.php

tonymarschall
  • That does look like one solution to my problem but all my code uses the sqlsrv library and it's working great with the exception of my single quotation problem. I really don't want to scrap that and start over with pdo just because of this one little issue. – Conner Mar 12 '12 at 16:08
  • maybe this helps: http://stackoverflow.com/questions/7604036/how-to-sanitize-input-with-php-and-the-sqlsrv-driver – tonymarschall Mar 12 '12 at 16:16
  • and here is another one: http://stackoverflow.com/questions/574805/how-to-escape-strings-in-mssql-using-php – tonymarschall Mar 12 '12 at 16:17
  • Thanks. The solutions you provided are very informative and since there is no alternative to mysql_real_escape_string for sqlsrv I am marking yours as the correct answer. – Conner Mar 12 '12 at 17:02
  • This is definitely not the correct answer. What is your recommendation if I want to write a custom abstraction layer? There may be cases where PDO or Doctrine are a good choice, but in some cases they are not. – dr fu manchu Nov 24 '14 at 12:19
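
The quote-doubling approach from the comments, next to the sqlsrv driver's own parameter binding, as an added example that is not code from this thread. The `customers` table, the helper function names and the connection placeholders are hypothetical.

```php
<?php
// Added example. Table, column and connection names are placeholders.

/**
 * Build a T-SQL string literal by doubling single quotes (the same
 * transformation as the preg_replace in the comment above) and wrapping
 * the result in quotes. Only safe where a quoted string literal is
 * expected; it does not protect numeric contexts or identifiers.
 */
function tsql_quote_literal(string $value): string
{
    return "'" . str_replace("'", "''", $value) . "'";
}

/**
 * The same lookup with sqlsrv parameter binding: the value is sent
 * separately from the SQL text, so no escaping is involved at all.
 */
function find_customers_by_name($conn, string $name): array
{
    $sql  = 'SELECT id, name FROM customers WHERE name = ?';
    $stmt = sqlsrv_query($conn, $sql, [$name]);
    if ($stmt === false) {
        throw new RuntimeException(print_r(sqlsrv_errors(), true));
    }
    $rows = [];
    while ($row = sqlsrv_fetch_array($stmt, SQLSRV_FETCH_ASSOC)) {
        $rows[] = $row;
    }
    sqlsrv_free_stmt($stmt);
    return $rows;
}

// Constructed sample inputs: show what the escaped literal looks like.
foreach (["O'Brien", "it''s", "x' OR '1'='1"] as $sample) {
    echo 'WHERE name = ', tsql_quote_literal($sample), PHP_EOL;
}

// Runs only when the sqlsrv extension is loaded and the placeholder
// server and database names have been replaced with real ones.
if (function_exists('sqlsrv_connect')) {
    $conn = sqlsrv_connect('SERVER_PLACEHOLDER', ['Database' => 'DB_PLACEHOLDER']);
    if ($conn !== false) {
        print_r(find_customers_by_name($conn, "O'Brien"));
        sqlsrv_close($conn);
    }
}
```

Existing sqlsrv code can switch one query at a time by replacing the concatenated value with `?` and passing it in the third argument of `sqlsrv_query`.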