Any php expert here? What's the oracle version of addslashes?
627683 Jan 12 2009 — edited Jan 10 2012
Hi, I have a form that lets users upload images/pdfs/docs/ppts with their comments/descriptions into Oracle 9i.
In my code I have
$stmt = oci_parse($conn, "INSERT INTO FILES (PATIENTID, FILES, FORMAT, TYPE, DESCRIPTION, UPLOAD_DATE, FILE_SIZE, FILEID, FILENAME) VALUES
(:PATIENTID, EMPTY_BLOB(), '".$format."', '".$type."', '".$description."', '".$today."', '".$size.
"', fileid_seq.nextval, '".$name."') RETURNING FILES INTO :FILES");
If users input comments with single quote ('), that will break the query. So what I did was:
$description=addslashes($_POST['description']);
so that 23'23'23 becomes 23\'23\'23, but this works well with a MySQL database, not Oracle. In PHP, addslashes returns a string with backslashes before characters that need to be quoted in database queries etc. These characters are single quote ('), double quote ("), backslash (\) and NUL (the NULL byte).
But for Oracle, we need it to return a string with another single quote before characters that need to be quoted in database queries.
Maybe I asked the question in the wrong place. Does anybody know any PHP function that will add ' to strings so that 'eddie's toy' becomes 'eddie''s toy'?
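An added example, not part of the original post: the INSERT from the question with every value passed as a bind variable through oci_bind_by_name, so a description such as 23'23'23 needs neither addslashes nor quote doubling. The credentials, connect string, form field names (patientid, upload) and the TO_DATE format are assumptions; table and column names are taken from the post.

```php
<?php
// Placeholder credentials and connect string (assumptions, not from the post).
$conn = oci_connect('app_user', 'app_password', '//dbhost.example/ORCL');
if (!$conn) {
    $e = oci_error();
    exit('Connection failed: ' . $e['message']);
}

// Hypothetical upload field name; metadata is derived from the uploaded file.
$file = $_FILES['upload'];
$name = basename($file['name']);

// Only placeholders in the SQL text: user input never becomes part of it.
$sql = "INSERT INTO FILES (PATIENTID, FILES, FORMAT, TYPE, DESCRIPTION,
                           UPLOAD_DATE, FILE_SIZE, FILEID, FILENAME)
        VALUES (:PATIENTID, EMPTY_BLOB(), :FORMAT, :TYPE, :DESCRIPTION,
                TO_DATE(:UPLOAD_DATE, 'YYYY-MM-DD'), :FILE_SIZE,
                fileid_seq.nextval, :FILENAME)
        RETURNING FILES INTO :FILES";
$stmt = oci_parse($conn, $sql);

$binds = array(
    ':PATIENTID'   => $_POST['patientid'],
    ':FORMAT'      => pathinfo($name, PATHINFO_EXTENSION),
    ':TYPE'        => $file['type'],
    ':DESCRIPTION' => $_POST['description'],   // stored exactly as typed
    ':UPLOAD_DATE' => date('Y-m-d'),
    ':FILE_SIZE'   => $file['size'],
    ':FILENAME'    => $name,
);
foreach ($binds as $placeholder => $unused) {
    // oci_bind_by_name binds by reference, so bind the array element itself,
    // not the loop variable (which would hold the last value at execute time).
    oci_bind_by_name($stmt, $placeholder, $binds[$placeholder]);
}

// The BLOB is written through a LOB descriptor returned by the INSERT.
$lob = oci_new_descriptor($conn, OCI_D_LOB);
oci_bind_by_name($stmt, ':FILES', $lob, -1, OCI_B_BLOB);

// No auto-commit: the row and its LOB content are committed together.
if (oci_execute($stmt, OCI_NO_AUTO_COMMIT)
        && $lob->save(file_get_contents($file['tmp_name']))) {
    oci_commit($conn);
} else {
    oci_rollback($conn);
}
$lob->free();
oci_free_statement($stmt);
```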