Query "escape" handling (character escape)


Setting:

Insert query:

public function forward($descricao)
{
    ($descricao == '') ? $descricao = 'NULL' : $descricao = "'{$descricao}'" ;
    $sql_enc = " INSERT INTO rg_encaminhamentos (`descricao`) VALUES ($descricao) ";

}

I am inserting the following text (as the value of $descricao):

SET UF = 18
WHERE DOCUMENTO IN (SELECT HANDLE FROM DOCUMENTOS
WHERE DOCUMENTODIGITADO IN ('218747','218748','218786','218787','218794',
'218795','218839','218840','218885','218886','218914','218915'))

Problem:

The error in the query occurs because the text is recognised as part of the code.


Question:

  • What are the possible ways to treat this?
  • Try this: $sql_enc = " INSERT INTO tabela (description) VALUES ('$descricao') ";, with single quotes around $descricao ('$descricao')

  • It didn't work... but I have a check before it because this field might be NULL too... I'll put it in the code, sorry.

  • Because 'NULL' is treated as a string, it has to be NULL without quotation marks! You could and should use mysqli or PDO.

  • @Virgilionovic yes, NULL is ok... I think I've solved it... I inverted the quotes '"{$descricao}"'

  • With an answer just below, you can also answer your own questions

  • I found it! I had even deleted the question! Thanks, folks!

  • But explain this better... your answer is low quality


1 answer



Solved with the command addslashes:

public function forward($descricao){

   $descricao = addslashes($descricao);

   ($descricao == '') ? $descricao = 'NULL' : $descricao = "'{$descricao}'";

   $sql_enc = " INSERT INTO rg_encaminhamentos (`descricao`) VALUES ($descricao) ";
}

The command adds backslashes to escape the characters.

Official manual: http://php.net/manual/en/function.addslashes.php
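
What the comment above recommends (mysqli or PDO), as an added example that is not part of the original question or answer: a PDO prepared statement binds the text as data, so the quotes and parentheses in $descricao never reach the SQL parser, and an empty value is bound as a real NULL. The in-memory SQLite database, the extra `$pdo` parameter and the shortened sample text are assumptions made so the script runs offline.

```php
<?php
// Added example: parameterized INSERT, so the description is sent as data and
// is never parsed as part of the SQL statement.
// Assumption: in-memory SQLite stands in for the real MySQL server; with MySQL
// only the DSN and credentials passed to "new PDO(...)" change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE rg_encaminhamentos (id INTEGER PRIMARY KEY, descricao TEXT NULL)');

function forward(PDO $pdo, ?string $descricao): int
{
    // Empty input becomes a real SQL NULL, not the string 'NULL'.
    $value = ($descricao === null || $descricao === '') ? null : $descricao;

    // The placeholder keeps the statement text fixed; no quoting or escaping by hand.
    $stmt = $pdo->prepare('INSERT INTO rg_encaminhamentos (descricao) VALUES (:descricao)');
    $stmt->bindValue(':descricao', $value, $value === null ? PDO::PARAM_NULL : PDO::PARAM_STR);
    $stmt->execute();

    return (int) $pdo->lastInsertId();
}

// Constructed sample input: a shortened form of the text from the question,
// with its single quotes and parentheses intact.
$text = "SET UF = 18\nWHERE DOCUMENTO IN (SELECT HANDLE FROM DOCUMENTOS\n"
      . "WHERE DOCUMENTODIGITADO IN ('218747','218748'))";

$idText  = forward($pdo, $text);
$idEmpty = forward($pdo, '');

// Read both rows back and check that they were stored unchanged.
$read = $pdo->prepare('SELECT descricao FROM rg_encaminhamentos WHERE id = ?');

$read->execute([$idText]);
if ($read->fetchColumn() !== $text) {
    throw new RuntimeException('description was altered on the way to the database');
}

$read->execute([$idEmpty]);
if ($read->fetchColumn() !== null) {
    throw new RuntimeException('empty description was not stored as NULL');
}

echo "both rows stored as expected\n";
```

The PHP manual page linked above notes that addslashes() is sometimes incorrectly used to try to prevent SQL injection, and that database-specific escaping functions or prepared statements should be used instead.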
