troubleshooting Question

Escape single quote before insert into mssql

Avatar of BHUC
BHUCFlag for United States of America asked on
Microsoft SQL ServerSQL
4 Comments1 Solution273 ViewsLast Modified:
I don't know why I am struggling with this so bad, but I have a simple form field (text area) that gets inserted into a database. After switching to mssql instead of mysqli I can't figure out how to escape the single quotes and get the insert or update to work.

if I have this form field
Comments: <textarea name="RACOMMENTS" cols="100" rows="10"  /></textarea>

and this update:
"update table set RACOMMENTS='" . $_POST['RACOMMENTS'] . "' ";
$result-sqlsrv_query($conn,$sql);

How do I escape that field to allow a word like don't or can't or sister's
ASKER CERTIFIED SOLUTION
Join our community to see this answer!
Unlock 1 Answer and 4 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 4 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros