Sunday, 8 October 2017

php - How to escape quotes in this case?

itemprop="text">


I want to return a new
string after replacing any CHAR(10) by "\n" inside a string passed as the parameter of a
function :



function
            executerCalcul($initial_string)
{
 $ret = "";
 $conn = new
            mysqli(BDD_SERVER, BDD_USER, BDD_PWD, BDD_NAME);
 if ($conn->connect_error)
            {
 trigger_error('Database connection failed: ' . $conn->connect_error,
            E_USER_ERROR);
 }

 if (stripos($initial_string, "'") ===
            false)
 $sql = "SELECT REPLACE('$initial_string', char(10 using utf8),'\n') as
            resultat";
 else
 {
 // how to write correctly $sql here
            because we are here in the case when there are single quotes inside the string
            parameter
 }
 $rs = $conn->query($sql);


            if($rs === false) {
 trigger_error('Wrong SQL: ' . $sql . ' Error: ' .
            $conn->error, E_USER_ERROR);

 } else {
 $rows_returned
            = $rs->num_rows;
 }
 $rs->data_seek(0);
 while($row
            = $rs->fetch_assoc()) {
 $ret .= $row['resultat'];
 }

            $rs->free();
 return
            $ret;
}



So
how to escape single quotes in the case the string parameter contains single quotes
?


style="font-weight: bold;">

Answer




href="http://www.php.net/manual/en/mysqli.real-escape-string.php" rel="nofollow">Use
built-in functions as shown in
documentation.



For
example:



$new_query =
            $conn->real_escape_string($query);



and
then execute the SQL normally.


-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

php - file_get_contents shows unexpected output while reading a file

I want to output an inline jpg image as a base64 encoded string, however when I do this : $contents = file_get_contents($filename); print ...