Link to home
Start Free TrialLog in
Avatar of browsw
browsw

asked on

Single quotes on sqlsrv (mssql+php) prepared statements with parameters save as two quotes into DB

Hi,
When using prepared statements to insert data into an MSSQL database from PHP, I have noticed that it is putting two single quote marks into the database - so for example I don't think so would save as I don''t think so. This does not happen with non-prepared statements - but these are obviously a no-go.

Code
$sql = "INSERT INTO TblCatchUp (cuStaffID, cuReason, cuDate, cuPupilID, cuDetails, cuSubject) VALUES (?, ?, ?, ?, ?, ?)";
$params = array($submit_teacher, $submit_reason, $submit_date, $submit_refNo, $reasonSubmit2, $submit_subject);
$stmt = sqlsrv_query($conn, $sql, $params);
sqlsrv_fetch_array( $stmt, SQLSRV_FETCH_ASSOC);

Open in new window


For info php.ini is set as:
magic_quotes_gpc      On      
magic_quotes_runtime      Off      
magic_quotes_sybase      On

Thank you in advance for your advice.
Avatar of Máté Farkas
Máté Farkas
Flag of Hungary image

Let's print out $stmt before sqlsrv_fetch_array() (anyway you need sqlsrv_execute() instead of sqlsrv_fetch_array() because INSERT does not return anything, so you cannot fetch rows).
So please print and send the content of: $stmt, $submit_teacher, $submit_reason.
ASKER CERTIFIED SOLUTION
Avatar of Ray Paseur
Ray Paseur
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of browsw
browsw

ASKER

Indeed magic_quotes_gpc is the problem. Switching it off gives the expected behaviour but does break some legacy code, so we'll have to get that sorted first.
PHP is 5.3.28 so I'll look to get that updated too.
Thank you for your concise and helpful answer Ray.
Glad to help :-)