Interview Questions Answers.ORG
Interviewer And Interviewee Guide
Interviews
Quizzes
Home
Quizzes
Interviews Databases Programming Interviews:BtrieveClipperData ModelingData StructuresDatabase AdministrationDatabase Administrator (DBA)Database AnalystDatabase DeveloperDB DevelopmentEDI/Data Integration ExpertFirebirdHierarchicalIBM DB2InformixJava DatabaseMariaDBMicrosoft Access DeveloperMongoDBMS SQL ServerMySQL ProgrammingNetworkNoSQLObject RelationalPostgrePostgreSQLProgressRDBMSRelationalSQLSQL AdministratorSQL and PL/SQLSQL Notification ServicesSQL server 2008SSRSStored ProcedureSybaseTeradata
Copyright © 2018. All Rights Reserved
MS SQL Server Interview Question:
PHP MSSQL - How To Include Text Values in SQL Statements?
Submitted by: AdministratorText values in SQL statements should be quoted with single quotes ('). If the text value contains a single quote ('), it should be protected by replacing it with two single quotes (''). In SQL language syntax, two single quotes represents one single quote in string literals.
The tutorial exercise below shows you two INSERT statements. The first one will fail, because it has an un-protected single quote. The second one will be ok, because a str_replace() is used to replace (') with (''):
Submitted by: Administrator
The tutorial exercise below shows you two INSERT statements. The first one will fail, because it has an un-protected single quote. The second one will be ok, because a str_replace() is used to replace (') with (''):
Submitted by: Administrator
<?php
$con = mssql_connect('LOCALHOST','sa','GlobalGuideLine');
mssql_select_db('GlobalGuideLineDatabase', $con);
$notes = "It's a search engine!";
$sql = "INSERT INTO ggl_links (id, url, notes) VALUES ("
. " 201, 'www.google.com', '".$notes."')";
if (!mssql_query($sql, $con)) {
print("SQL statement failed with error: ");
print(" ".mssql_get_last_message()." ");
} else {
print("1 rows inserted. ");
}
$notes = "It's another search engine!";
$notes = str_replace("'", "''", $notes);
$sql = "INSERT INTO ggl_links (id, url, notes) VALUES ("
. " 202, 'www.yahoo.com', '".$notes."')";
if (!mssql_query($sql, $con)) {
print("SQL statement failed with error: ");
print(" ".mssql_get_last_message()." ");
} else {
print("1 rows inserted. ");
}
mssql_close($con);
?>
If you run this script, you will get something like this:
SQL statement failed with error:
Unclosed quotation mark after the character string
Submitted by: Administrator
$con = mssql_connect('LOCALHOST','sa','GlobalGuideLine');
mssql_select_db('GlobalGuideLineDatabase', $con);
$notes = "It's a search engine!";
$sql = "INSERT INTO ggl_links (id, url, notes) VALUES ("
. " 201, 'www.google.com', '".$notes."')";
if (!mssql_query($sql, $con)) {
print("SQL statement failed with error: ");
print(" ".mssql_get_last_message()." ");
} else {
print("1 rows inserted. ");
}
$notes = "It's another search engine!";
$notes = str_replace("'", "''", $notes);
$sql = "INSERT INTO ggl_links (id, url, notes) VALUES ("
. " 202, 'www.yahoo.com', '".$notes."')";
if (!mssql_query($sql, $con)) {
print("SQL statement failed with error: ");
print(" ".mssql_get_last_message()." ");
} else {
print("1 rows inserted. ");
}
mssql_close($con);
?>
If you run this script, you will get something like this:
SQL statement failed with error:
Unclosed quotation mark after the character string
Submitted by: Administrator
Copyright 2007-2024 by Interview Questions Answers .ORG All Rights Reserved.
https://InterviewQuestionsAnswers.ORG.
https://InterviewQuestionsAnswers.ORG.