"escape" treatment in query (character escape)



  • Scenario:

    Insert Query:

    public function forward($descricao)
    {
        ($descricao == '') ? $descricao = 'NULL' : $descricao = "'{$descricao}'";
        $sql_enc = " INSERT INTO rg_encaminhamentos (`descricao`) VALUES ($descricao) ";
    }

    I am inserting the following text (in this case, in $descricao):

    SET UF = 18
    WHERE DOCUMENTO IN (SELECT HANDLE FROM DOCUMENTOS
    WHERE DOCUMENTODIGITADO IN ('218747','218748','218786','218787','218794',
    '218795','218839','218840','218885','218886','218914','218915'))

    Problem:

    An error occurs in the query because the text is recognized as part of the code.

    Question:

    • What are the possible ways to handle that?



  • Solved with the command addslashes:

    public function forward($descricao)
    {
        $descricao = addslashes($descricao);
        ($descricao == '') ? $descricao = 'NULL' : $descricao = "'{$descricao}'";
        $sql_enc = " INSERT INTO rg_encaminhamentos (descricao) VALUES ($descricao) ";
    }

    The command adds backslashes to escape the characters.

    Official manual:
    http://php.net/manual/pt_BR/function.addslashes.php
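
An added example, not part of the original question or answer: the same insert written with a bound parameter, so the quotes in the text are carried as data and no escaping step is needed. It assumes PDO is available and uses an in-memory SQLite database as a stand-in for the real connection; the `$pdo` argument and the sample text are constructed for the illustration.

```php
<?php
// Added example: forward() rewritten with a prepared statement.
// Assumptions: PDO with an in-memory SQLite database stands in for the real
// connection; table and column names are the ones used in the question.

function forward(PDO $pdo, string $descricao): int
{
    // An empty string is stored as SQL NULL, as in the original code.
    $value = ($descricao === '') ? null : $descricao;

    // The SQL text is fixed; the value is sent separately as a parameter,
    // so quotes and parentheses inside it are never parsed as SQL.
    $stmt = $pdo->prepare(
        'INSERT INTO rg_encaminhamentos (descricao) VALUES (:descricao)'
    );
    $type = ($value === null) ? PDO::PARAM_NULL : PDO::PARAM_STR;
    $stmt->bindValue(':descricao', $value, $type);
    $stmt->execute();

    return (int) $pdo->lastInsertId();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec(
    'CREATE TABLE rg_encaminhamentos (id INTEGER PRIMARY KEY, descricao TEXT)'
);

// Constructed sample input: a shortened form of the text from the question.
$texto = "SET UF = 18\nWHERE DOCUMENTO IN (SELECT HANDLE FROM DOCUMENTOS\n"
       . "WHERE DOCUMENTODIGITADO IN ('218747','218748'))";

$idTexto = forward($pdo, $texto);
$idVazio = forward($pdo, '');

$read = $pdo->prepare('SELECT descricao FROM rg_encaminhamentos WHERE id = ?');

// Check that the text comes back byte-for-byte, with no added backslashes.
$read->execute([$idTexto]);
var_dump($read->fetchColumn() === $texto);

// Check that the empty description was stored as NULL, not the string 'NULL'.
$read->execute([$idVazio]);
var_dump($read->fetchColumn() === null);
```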



