Solved

Why extra \ characters to the query?

Posted on 2016-09-09
2
54 Views
Last Modified: 2016-09-15
I have pretty simple php-script to mssql database. When the query (execute dbo.TyoVuoro2 @het='090276-110Y') is in the script it works fine. But when query is sended ($kutsu) to the script it have extra \ characters  (execute dbo.TyoVuoro2 @het=\'090276-110Y\') and it give error: Incorrect syntax near '090276-110Y\'.

What is wrong in the script:

<?php
header('Content-Type: application/xml; charset=ISO-8859-1'); 

$kutsu = $_GET[("kutsu")];

$runSQL = true;
//........................................................................................

$value = '<?xml version="1.0" encoding="ISO-8859-1"?>';
$value .= "<flashsql>";

//........................................................................................

error_reporting(0);

//........................................................................................

$myServer = "*";
$myUser = "*";
$myPass = "*";
$myDB = "*";

//........................................................................................

function myErrorHandler($errno, $errstr, $errfile, $errline) 
{
	// Do something other than output message.
	return true;
}

$old_error_handler = set_error_handler("myErrorHandler");

//........................................................................................

//connection to the database 
$dbhandle = mssql_connect($myServer, $myUser, $myPass);
	//or die("Couldn't connect to SQL Server on $myServer");

//........................................................................................

if($runSQL)
{
	if (!$dbhandle) 
	{
		//Could not connect to database
		$value.="<database_connection>0</database_connection>";
		$value.="<error>"."<![CDATA["."Database connection OFF (oma)"."]]>"."</error>";
		$value.="<errorKysely>"."<![CDATA[".$kutsu."]]>"."</errorKysely>";
	}
	else
	{
		$value.="<database_connection>1</database_connection>";
		
		if(!mssql_select_db($myDB, $dbhandle))
		{
			//Connected to database but cannot select database
			$value.="<database_selection>0</database_selection>";
			$value.="<error>"."<![CDATA["."Database selection OFF (oma 2)"."]]>"."</error>";
			$value.="<errorKysely>"."<![CDATA[".$kutsu."]]>"."</errorKysely>";
		}
		else
		{
			//Connected to and selected database
			$value.="<database_selection>1</database_selection>";
			
			$qry_val = iconv("UTF-8", "ISO-8859-1", $kutsu);
			//$qry_val = utf8_encode($kutsu);		
			
			if(!$result = mssql_query($qry_val))
			{
				$value.="<sql>0</sql>";
				$value.="<error>"."<![CDATA[".utf8_encode(mssql_get_last_message())."]]>"."</error>";
				$value.="<errorKysely>"."<![CDATA[".$kutsu."]]>"."</errorKysely>";
			}
			else
			{
				$value.="<sql>1</sql>"; //sql ran well
				$value.="<sama>0</sama>";
				$value.="<results>";

				$num_cols = mssql_num_fields($result);
				
				$count = 1;
				
				while ($row = mssql_fetch_row($result))
				{
					$value.="<record>";
					
					for($i=0; $i<$num_cols; $i++)
					{
						$vals = "<".mssql_field_name($result,$i)."><![CDATA[".$row[$i]."]]></".mssql_field_name($result,$i).">";
						$value.=$vals;
					}
					
					$value.="</record>";
					$count++;
				}
				
				$value.="</results>";
			}
		}
	}
}

$value.="</flashsql>";

echo $value;

Open in new window

0
Comment
Question by:Mirc Klö
2 Comments
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 41791732
The extra slashes appear to be an artifact of double escaping or magic quotes.  Not sure about that, but it's worth checking.  Details here:
https://www.experts-exchange.com/articles/6630/Magic-Quotes-a-bad-idea-from-day-one.html
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
These days socially coordinated efforts have turned into a critical requirement for enterprises.
Via a live example, show how to shrink a transaction log file down to a reasonable size.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now