+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: ODBC SELECT - no value escape ? (/showthread.php?tid=52594)
ODBC SELECT - no value escape ? - El Forum - 06-18-2012
[eluser]hykoh[/eluser]
Hi there,
i need to migrate a MSSQL DB to a new DB. In the MSSQL DB, there is no numeric key used for datasets, only strings/names. So, if I foreach the results and try to query other reference tables, i fail on names within a single quote in it:
Quote:[Microsoft][ODBC SQL Server Driver][SQL Server]Zeile 3: Falsche Syntax in der Nähe von 'Andrea'.
SELECT * FROM sysop.SD_Model_Locations WHERE SMLC_SM_Model = 'D'Andrea, Firstname'
Filename: C:\xampp\htdocs\system\database\DB_driver.php
Is it a bug within the CI ODBC driver ?
ODBC SELECT - no value escape ? - El Forum - 06-20-2012
[eluser]Narf[/eluser]
That's a rather ... complicated one. It's as much intended as it is a bug.
Due to the very nature of ODBC - you can use pretty much any database platform without CodeIgniter having a way of knowing which one it is. And different databases have different escape characters and rules, so it's really up to you to do such kind of escaping.
ODBC SELECT - no value escape ? - El Forum - 06-20-2012
[eluser]MRosenello[/eluser]
For MSSQL sepcifically, you would add another ' to it. So 'D'Andrea, First' would become 'D''Andrea, First'.
So for example to make this work you would have to do a str_replace("'","''",$dbRecord) before using that value in a where clause or insert value etc.
Hopefully this helps, as I just had the same issue last week.