CodeIgniter Forums

Full Version: ODBC SELECT - no value escape ?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

El Forum

[eluser]hykoh[/eluser]
Hi there,

i need to migrate a MSSQL DB to a new DB. In the MSSQL DB, there is no numeric key used for datasets, only strings/names. So, if I foreach the results and try to query other reference tables, i fail on names within a single quote in it:

Quote:[Microsoft][ODBC SQL Server Driver][SQL Server]Zeile 3: Falsche Syntax in der Nähe von 'Andrea'.

SELECT * FROM sysop.SD_Model_Locations WHERE SMLC_SM_Model = 'D'Andrea, Firstname'

Filename: C:\xampp\htdocs\system\database\DB_driver.php

Is it a bug within the CI ODBC driver ?

El Forum

[eluser]Narf[/eluser]
That's a rather ... complicated one. It's as much intended as it is a bug.

Due to the very nature of ODBC - you can use pretty much any database platform without CodeIgniter having a way of knowing which one it is. And different databases have different escape characters and rules, so it's really up to you to do such kind of escaping.

El Forum

[eluser]MRosenello[/eluser]
For MSSQL sepcifically, you would add another ' to it. So 'D'Andrea, First' would become 'D''Andrea, First'.

So for example to make this work you would have to do a str_replace("'","''",$dbRecord) before using that value in a where clause or insert value etc.

Hopefully this helps, as I just had the same issue last week.