List:General Discussion« Previous MessageNext Message »
From:Paul DuBois Date:April 28 2000 11:18pm
Subject:Re: Handling text block with quote "" embedded in it
View as plain text  
At 7:07 AM -0500 2000-04-29, Xiaolin Allen Zhao wrote:
>Hi, All,
>
>	It is a kind of stupid question:
>
>	insert into table_name (field_name) values ("test_block");
>
>	But the text_block itself may contain "". Is there a better way of
>doing this?
>
>	In fact, this is a cgi writen in C where
>	sprintf(sql_command, "insert into table_name (field_name) values
>(\"%s\")", text_block);
>
>	I see a trap in the statement when text_block itself contains some ""
>mark.
>
>	Any comments?


Escape the quote with a backslash.  You can use the mysql_escape_string()
function from the MySQL C API to do this for you.  See the C API
chapter of the MySQL Reference Manual.

-- 
Paul DuBois, paul@stripped
Thread
Handling text block with quote "" embedded in itXiaolin Allen Zhao29 Apr
  • Re: Handling text block with quote "" embedded in itPaul DuBois29 Apr
  • Re: Handling text block with quote "" embedded in itFaisal Nasim29 Apr
  • Re: Handling text block with quote "" embedded in itOrlando Andico29 Apr