browsw
asked on
Single quotes on sqlsrv (mssql+php) prepared statements with parameters save as two quotes into DB
Hi,
When using prepared statements to insert data into an MSSQL database from PHP, I have noticed that it is putting two single quote marks into the database - so for example I don't think so would save as I don''t think so. This does not happen with non-prepared statements - but these are obviously a no-go.
Code
For info php.ini is set as:
magic_quotes_gpc On
magic_quotes_runtime Off
magic_quotes_sybase On
Thank you in advance for your advice.
When using prepared statements to insert data into an MSSQL database from PHP, I have noticed that it is putting two single quote marks into the database - so for example I don't think so would save as I don''t think so. This does not happen with non-prepared statements - but these are obviously a no-go.
Code
$sql = "INSERT INTO TblCatchUp (cuStaffID, cuReason, cuDate, cuPupilID, cuDetails, cuSubject) VALUES (?, ?, ?, ?, ?, ?)";
$params = array($submit_teacher, $submit_reason, $submit_date, $submit_refNo, $reasonSubmit2, $submit_subject);
$stmt = sqlsrv_query($conn, $sql, $params);
sqlsrv_fetch_array( $stmt, SQLSRV_FETCH_ASSOC);
For info php.ini is set as:
magic_quotes_gpc On
magic_quotes_runtime Off
magic_quotes_sybase On
Thank you in advance for your advice.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Indeed magic_quotes_gpc is the problem. Switching it off gives the expected behaviour but does break some legacy code, so we'll have to get that sorted first.
PHP is 5.3.28 so I'll look to get that updated too.
Thank you for your concise and helpful answer Ray.
PHP is 5.3.28 so I'll look to get that updated too.
Thank you for your concise and helpful answer Ray.
Glad to help :-)
So please print and send the content of: $stmt, $submit_teacher, $submit_reason.