• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
ODBC SELECT - no value escape ?

#1
[eluser]hykoh[/eluser]
Hi there,

i need to migrate a MSSQL DB to a new DB. In the MSSQL DB, there is no numeric key used for datasets, only strings/names. So, if I foreach the results and try to query other reference tables, i fail on names within a single quote in it:

Quote:[Microsoft][ODBC SQL Server Driver][SQL Server]Zeile 3: Falsche Syntax in der Nähe von 'Andrea'.

SELECT * FROM sysop.SD_Model_Locations WHERE SMLC_SM_Model = 'D'Andrea, Firstname'

Filename: C:\xampp\htdocs\system\database\DB_driver.php

Is it a bug within the CI ODBC driver ?

#2
[eluser]Narf[/eluser]
That's a rather ... complicated one. It's as much intended as it is a bug.

Due to the very nature of ODBC - you can use pretty much any database platform without CodeIgniter having a way of knowing which one it is. And different databases have different escape characters and rules, so it's really up to you to do such kind of escaping.

#3
[eluser]MRosenello[/eluser]
For MSSQL sepcifically, you would add another ' to it. So 'D'Andrea, First' would become 'D''Andrea, First'.

So for example to make this work you would have to do a str_replace("'","''",$dbRecord) before using that value in a where clause or insert value etc.

Hopefully this helps, as I just had the same issue last week.


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2019 MyBB Group.