Solved

Why extra \ characters to the query?

Posted on 2016-09-09
2
70 Views
Last Modified: 2016-09-15
I have pretty simple php-script to mssql database. When the query (execute dbo.TyoVuoro2 @het='090276-110Y') is in the script it works fine. But when query is sended ($kutsu) to the script it have extra \ characters  (execute dbo.TyoVuoro2 @het=\'090276-110Y\') and it give error: Incorrect syntax near '090276-110Y\'.

What is wrong in the script:

<?php
header('Content-Type: application/xml; charset=ISO-8859-1'); 

$kutsu = $_GET[("kutsu")];

$runSQL = true;
//........................................................................................

$value = '<?xml version="1.0" encoding="ISO-8859-1"?>';
$value .= "<flashsql>";

//........................................................................................

error_reporting(0);

//........................................................................................

$myServer = "*";
$myUser = "*";
$myPass = "*";
$myDB = "*";

//........................................................................................

function myErrorHandler($errno, $errstr, $errfile, $errline) 
{
	// Do something other than output message.
	return true;
}

$old_error_handler = set_error_handler("myErrorHandler");

//........................................................................................

//connection to the database 
$dbhandle = mssql_connect($myServer, $myUser, $myPass);
	//or die("Couldn't connect to SQL Server on $myServer");

//........................................................................................

if($runSQL)
{
	if (!$dbhandle) 
	{
		//Could not connect to database
		$value.="<database_connection>0</database_connection>";
		$value.="<error>"."<![CDATA["."Database connection OFF (oma)"."]]>"."</error>";
		$value.="<errorKysely>"."<![CDATA[".$kutsu."]]>"."</errorKysely>";
	}
	else
	{
		$value.="<database_connection>1</database_connection>";
		
		if(!mssql_select_db($myDB, $dbhandle))
		{
			//Connected to database but cannot select database
			$value.="<database_selection>0</database_selection>";
			$value.="<error>"."<![CDATA["."Database selection OFF (oma 2)"."]]>"."</error>";
			$value.="<errorKysely>"."<![CDATA[".$kutsu."]]>"."</errorKysely>";
		}
		else
		{
			//Connected to and selected database
			$value.="<database_selection>1</database_selection>";
			
			$qry_val = iconv("UTF-8", "ISO-8859-1", $kutsu);
			//$qry_val = utf8_encode($kutsu);		
			
			if(!$result = mssql_query($qry_val))
			{
				$value.="<sql>0</sql>";
				$value.="<error>"."<![CDATA[".utf8_encode(mssql_get_last_message())."]]>"."</error>";
				$value.="<errorKysely>"."<![CDATA[".$kutsu."]]>"."</errorKysely>";
			}
			else
			{
				$value.="<sql>1</sql>"; //sql ran well
				$value.="<sama>0</sama>";
				$value.="<results>";

				$num_cols = mssql_num_fields($result);
				
				$count = 1;
				
				while ($row = mssql_fetch_row($result))
				{
					$value.="<record>";
					
					for($i=0; $i<$num_cols; $i++)
					{
						$vals = "<".mssql_field_name($result,$i)."><![CDATA[".$row[$i]."]]></".mssql_field_name($result,$i).">";
						$value.=$vals;
					}
					
					$value.="</record>";
					$count++;
				}
				
				$value.="</results>";
			}
		}
	}
}

$value.="</flashsql>";

echo $value;

Open in new window

0
Comment
Question by:Mirc Klö
2 Comments
 
LVL 109

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 41791732
The extra slashes appear to be an artifact of double escaping or magic quotes.  Not sure about that, but it's worth checking.  Details here:
https://www.experts-exchange.com/articles/6630/Magic-Quotes-a-bad-idea-from-day-one.html
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
The Delta outage: 650 cancelled flights, more than 1200 delayed flights, thousands of frustrated customers, tens of millions of dollars in damages – plus untold reputational damage to one of the world’s most trusted airlines. All due to a catastroph…
Via a live example, show how to extract insert data into a SQL Server database table using the Import/Export option and Bulk Insert.
Via a live example, show how to setup several different housekeeping processes for a SQL Server.

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question