CodeIgniter Forums
ODBC SELECT - no value escape ? - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: ODBC SELECT - no value escape ? (/showthread.php?tid=52594)



ODBC SELECT - no value escape ? - El Forum - 06-18-2012

[eluser]hykoh[/eluser]
Hi there,

i need to migrate a MSSQL DB to a new DB. In the MSSQL DB, there is no numeric key used for datasets, only strings/names. So, if I foreach the results and try to query other reference tables, i fail on names within a single quote in it:

Quote:[Microsoft][ODBC SQL Server Driver][SQL Server]Zeile 3: Falsche Syntax in der Nähe von 'Andrea'.

SELECT * FROM sysop.SD_Model_Locations WHERE SMLC_SM_Model = 'D'Andrea, Firstname'

Filename: C:\xampp\htdocs\system\database\DB_driver.php

Is it a bug within the CI ODBC driver ?


ODBC SELECT - no value escape ? - El Forum - 06-20-2012

[eluser]Narf[/eluser]
That's a rather ... complicated one. It's as much intended as it is a bug.

Due to the very nature of ODBC - you can use pretty much any database platform without CodeIgniter having a way of knowing which one it is. And different databases have different escape characters and rules, so it's really up to you to do such kind of escaping.


ODBC SELECT - no value escape ? - El Forum - 06-20-2012

[eluser]MRosenello[/eluser]
For MSSQL sepcifically, you would add another ' to it. So 'D'Andrea, First' would become 'D''Andrea, First'.

So for example to make this work you would have to do a str_replace("'","''",$dbRecord) before using that value in a where clause or insert value etc.

Hopefully this helps, as I just had the same issue last week.