detox1978
asked on
MySQL: escape special characters
Hi All,
Is there a function (or some way to) replace special characters in MySQL e.g. quotes, commas, carriage returns etc...
It's for an INSET INTO query. So i'm hoping for a REGEX or similar that can be applied to the field.
Something along these lines
Many thanks
D
Is there a function (or some way to) replace special characters in MySQL e.g. quotes, commas, carriage returns etc...
It's for an INSET INTO query. So i'm hoping for a REGEX or similar that can be applied to the field.
Something along these lines
SELECT id, addslashes(company), addslashes(contact) FROM crm;
Many thanks
D
ASKER
So how do I apply that to a basic SELECT query? The below query doesnt work
SELECT id, mysql_real_escape_string(company), mysql_real_escape_string(contact) FROM crm;
This article shows how to use regular expressions in MySQL which combined with the escape strings should do what you need.
http://dev.mysql.com/doc/refman/5.0/en/regexp.html
http://dev.mysql.com/doc/refman/5.0/en/regexp.html
You only escape the values you are passing to mysql
Though the old mysql library is now deprecated and you should be using MySQLi or PDO
"select * from table where column='" . mysql_real_escape_string($the_value) . "'";
"insert into table (column1, column2) values ('".mysql_real_escape_string($the_value1)."','".mysql_real_escape_string($the_value2)."')";
Though the old mysql library is now deprecated and you should be using MySQLi or PDO
You shouldn't need escape strings in a select statement, only on INSERTS or UPDATES.
Assuming you wanted to use REGEX:
INSERT INTO crm (id, company, contact)
VALUES (mysql_real_escape_string($val1), mysql_real_escape_string($val2), mysql_real_escape_string($val3))
Assuming you wanted to use REGEX:
INSERT INTO crm (id, company, contact)
VALUES ('$val1' REGEX 'expresion1', '$val2' REGEX 'expression2', '$val3' REGEX 'expression3')
ASKER
A little background on what I am doing;
I have an ODBC connection that imports data from Lotus Notes. The table doesnt have an auto_id etc... and is packed with carriage returns and single/double quotes.
I can do a simple INSERT INTO to get the auto id, but I'd like to remove carriage returns and escape any other special characters.
When I tried mysql_real_escape_string() it returns the following error. Function does not exist.
I have an ODBC connection that imports data from Lotus Notes. The table doesnt have an auto_id etc... and is packed with carriage returns and single/double quotes.
I can do a simple INSERT INTO to get the auto id, but I'd like to remove carriage returns and escape any other special characters.
When I tried mysql_real_escape_string()
ASKER
This is a scheduled task being run on the MySQL server (not via a PHP script)
mysql_real_escape_string() is a PHP function,not a MySQL function
So how exactly are you getting the data and inserting it - you must be using some language.
So how exactly are you getting the data and inserting it - you must be using some language.
ASKER
It's native mySQL script run via SQLyog on a scheduled task.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks, I thought there would be something built into MySQl. I've done it via a PHP script.
http://dev.mysql.com/doc/refman/5.0/en/string-literals.html