MS SQL Server Concepts and Programming Question:
PHP MSSQL - How To Include Text Values in SQL Statements?
Answers:
Answer #1
Text values in SQL statements should be quoted with single quotes ('). If the text value contains a single quote ('), it should be protected by replacing it with two single quotes (''). In SQL language syntax, two single quotes represent one single quote in string literals.
The tutorial exercise below shows you two INSERT statements. The first one will fail, because it has an un-protected single quote. The second one will be ok, because a str_replace() is used to replace (') with (''):
Answer #2
<?php
$con = mssql_connect('LOCALHOST','sa','GlobalGuideLine');
mssql_select_db('GlobalGuideLineDatabase', $con);

// First INSERT: the single quote in $notes is not protected, so it ends
// the string literal early and the statement fails.
$notes = "It's a search engine!";
$sql = "INSERT INTO ggl_links (id, url, notes) VALUES ("
    . " 201, 'www.google.com', '".$notes."')";
if (!mssql_query($sql, $con)) {
    print("SQL statement failed with error: ");
    print(" ".mssql_get_last_message()." ");
} else {
    print("1 rows inserted. ");
}

// Second INSERT: each single quote is replaced with two single quotes
// before the value is placed inside the string literal.
$notes = "It's another search engine!";
$notes = str_replace("'", "''", $notes);
$sql = "INSERT INTO ggl_links (id, url, notes) VALUES ("
    . " 202, 'www.yahoo.com', '".$notes."')";
if (!mssql_query($sql, $con)) {
    print("SQL statement failed with error: ");
    print(" ".mssql_get_last_message()." ");
} else {
    print("1 rows inserted. ");
}

mssql_close($con);
?>
If you run this script, you will get something like this:
SQL statement failed with error:
Unclosed quotation mark after the character string
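The quote-doubling rule above has to be applied to every text value on every statement, and a single missed value is enough to break the statement. The added example below (not part of the original page) puts the same rule in one helper and then shows bound parameters, where the text never becomes part of the SQL string. It assumes PHP's PDO with an in-memory SQLite database as an offline stand-in for SQL Server; the column types, the helper name sql_quote_text() and row 203 are constructed for illustration.

```php
<?php
// Added example. Assumption: PDO + in-memory SQLite stands in for SQL Server
// so the script runs offline; the ggl_links column types are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE ggl_links (id INTEGER, url TEXT, notes TEXT)');

// Sample rows: 201 and 202 reuse the page's values, 203 is constructed.
$rows = [
    [201, 'www.google.com',  "It's a search engine!"],
    [202, 'www.yahoo.com',   "It's another search engine!"],
    [203, 'www.example.com', "trailing quote' and a pair '' in the text"],
];

// Hypothetical helper: the page's rule (double every single quote) applied
// in one place, returning a complete SQL string literal.
function sql_quote_text(string $value): string
{
    return "'" . str_replace("'", "''", $value) . "'";
}

// 1) String concatenation: correct only while every text value in the
//    statement goes through the helper.
[$id, $url, $notes] = $rows[0];
$sql = 'INSERT INTO ggl_links (id, url, notes) VALUES ('
     . (int) $id . ', ' . sql_quote_text($url) . ', ' . sql_quote_text($notes) . ')';
$pdo->exec($sql);

// 2) Bound parameters: the statement text is fixed and the values are sent
//    separately, so quotes in the data need no escaping at all.
$insert = $pdo->prepare('INSERT INTO ggl_links (id, url, notes) VALUES (?, ?, ?)');
foreach (array_slice($rows, 1) as $row) {
    $insert->execute($row);
}

// Read every row back and confirm the stored text equals the original input.
$select = $pdo->prepare('SELECT notes FROM ggl_links WHERE id = ?');
foreach ($rows as $row) {
    $select->execute([$row[0]]);
    $stored = $select->fetchColumn();
    printf("%d %s %s\n", $row[0], $stored === $row[2] ? 'match   ' : 'MISMATCH', $stored);
}
```

PDO's prepare() and execute() calls are the same for every PDO driver, so only the connection string changes when a SQL Server driver is used instead of SQLite.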