Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 100
  • Last Modified:

Why extra \ characters to the query?

I have pretty simple php-script to mssql database. When the query (execute dbo.TyoVuoro2 @het='090276-110Y') is in the script it works fine. But when query is sended ($kutsu) to the script it have extra \ characters  (execute dbo.TyoVuoro2 @het=\'090276-110Y\') and it give error: Incorrect syntax near '090276-110Y\'.

What is wrong in the script:

<?php
header('Content-Type: application/xml; charset=ISO-8859-1'); 

$kutsu = $_GET[("kutsu")];

$runSQL = true;
//........................................................................................

$value = '<?xml version="1.0" encoding="ISO-8859-1"?>';
$value .= "<flashsql>";

//........................................................................................

error_reporting(0);

//........................................................................................

$myServer = "*";
$myUser = "*";
$myPass = "*";
$myDB = "*";

//........................................................................................

function myErrorHandler($errno, $errstr, $errfile, $errline) 
{
	// Do something other than output message.
	return true;
}

$old_error_handler = set_error_handler("myErrorHandler");

//........................................................................................

//connection to the database 
$dbhandle = mssql_connect($myServer, $myUser, $myPass);
	//or die("Couldn't connect to SQL Server on $myServer");

//........................................................................................

if($runSQL)
{
	if (!$dbhandle) 
	{
		//Could not connect to database
		$value.="<database_connection>0</database_connection>";
		$value.="<error>"."<![CDATA["."Database connection OFF (oma)"."]]>"."</error>";
		$value.="<errorKysely>"."<![CDATA[".$kutsu."]]>"."</errorKysely>";
	}
	else
	{
		$value.="<database_connection>1</database_connection>";
		
		if(!mssql_select_db($myDB, $dbhandle))
		{
			//Connected to database but cannot select database
			$value.="<database_selection>0</database_selection>";
			$value.="<error>"."<![CDATA["."Database selection OFF (oma 2)"."]]>"."</error>";
			$value.="<errorKysely>"."<![CDATA[".$kutsu."]]>"."</errorKysely>";
		}
		else
		{
			//Connected to and selected database
			$value.="<database_selection>1</database_selection>";
			
			$qry_val = iconv("UTF-8", "ISO-8859-1", $kutsu);
			//$qry_val = utf8_encode($kutsu);		
			
			if(!$result = mssql_query($qry_val))
			{
				$value.="<sql>0</sql>";
				$value.="<error>"."<![CDATA[".utf8_encode(mssql_get_last_message())."]]>"."</error>";
				$value.="<errorKysely>"."<![CDATA[".$kutsu."]]>"."</errorKysely>";
			}
			else
			{
				$value.="<sql>1</sql>"; //sql ran well
				$value.="<sama>0</sama>";
				$value.="<results>";

				$num_cols = mssql_num_fields($result);
				
				$count = 1;
				
				while ($row = mssql_fetch_row($result))
				{
					$value.="<record>";
					
					for($i=0; $i<$num_cols; $i++)
					{
						$vals = "<".mssql_field_name($result,$i)."><![CDATA[".$row[$i]."]]></".mssql_field_name($result,$i).">";
						$value.=$vals;
					}
					
					$value.="</record>";
					$count++;
				}
				
				$value.="</results>";
			}
		}
	}
}

$value.="</flashsql>";

echo $value;

Open in new window

0
Mirc Klö
Asked:
Mirc Klö
1 Solution
 
Ray PaseurCommented:
The extra slashes appear to be an artifact of double escaping or magic quotes.  Not sure about that, but it's worth checking.  Details here:
https://www.experts-exchange.com/articles/6630/Magic-Quotes-a-bad-idea-from-day-one.html
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Tackle projects and never again get stuck behind a technical roadblock.
Join Now