No announcement yet.

Escaping special characters for database insertion

  • Filter
  • Time
  • Show
Clear All
new posts

  • Escaping special characters for database insertion

    I'm using the runQuery API to directly insert new customers into the 3dcart database. I have run into an issue with customer surnames such as O'neil.
    How do I escape the single quote so that the INSERT query will work?

    I have tried the standard SQL methods of putting 2 single quotes O''neil and also O\'neil but they don't work

    query is of the form "INSERT IGNORE INTO customers (fname,surname) VALUES ('Fred','O'Neil')

    Any ideas?

  • #2
    Sorry I don't have an answer, and I don't care to experiment too much with Insert queries. Everything I can find online indicates that a double single quote should work:

    Escape single quotes and wild cards

    MS Access - escaping single quotes

    Only thing I can say is keep in mind the database system is MS Access when googling for an answer..


    • #3
      What script language are you using to send the request?

      Here's an article I found on PHP that may help

      sql server - How to escape strings in MSSQL using PHP? - Stack Overflow


      • #4
        Thanks jleclair
        I am using PHP and the mssql_escape() function outlined in that link work a treat.