SQL Apostrophe checker

by: Paul Broderick

April 20, 2001

Version: 1.0

Type: Function

Category: Databases

License: Other

Description: Checks the string parameters in a SQL query for single quotes and replaces them with 2 single quotes where necessary. This is required for MS-SQL where you may need to have an apostrophe in a string.

function checkApostrophes(&$strQuery)	{
	//Remove white space
	$strQuery = trim($strQuery);
	$params = split(",", $strQuery);
	$buffer = "";
	foreach($params as $param)	{
		$param = trim($param);
		if (substr_count($param, "'") > 0)	{
			//replace double all quotes in data
			$param = substr($param, 0, strpos($param, "'"))."'".str_replace("'", "''", substr( $param, strpos($param, "'") + 1, -1 ))."'";
		}
		$buffer .= $param.", ";
	}
	//remove final "," and "\"s
	$strQuery = str_replace("\\", "", substr($buffer, 0,  -2));
}

Comment and Contribute

0 Comments (click to add your comment)

Your comment has been submitted and is pending approval.

Author:

Paul Broderick

Comment:

Name/nickname:
Email:

Comment:

(Maximum characters: 1200). You have characters left.