On Tue, August 7, 2007 3:34 pm, Graham Anderson wrote:
> What is the proper way to get the ADODB class to automatically add
> quotes to the below sql ?
> I'm guessing that the below fails because none of the variables get
> quoted with the method, qstr.
>
> $sql = "insert into email (to_name, to_email, from_name, from_email,
> subject, message, timestamp, ip) ";
> $sql .= "values ($to_name, $to_email, $from_name, $from_email,
> $subject, $message, $time, $ip)";
>
>
> I tried something like the below to no avail
> $sql .= "values($conn->qstr($to_name), $conn->qstr
> ($to_email), .......)";
>
>
> Is there an accepted way to place multiple $variables inside an ADODB
> insert statement?
I thing the qstr function is what you want, but you'd have to ask an
ADODB list about that...
If it bothers you to have to type $conn->qstr so much, you could do
something like:
$values = array($to_name, $to_email, ...);
$values_sql = array_map($values, array($conn, 'qstr'));
$sql .= " values (" . implode(',', $values_sql) . " )";
It's possible that qstr only ESCAPES any embedded apostrophes or other
nasty characters, and you really want:
$sql .= " values ('" . implode("', '", $values_sql) . "' )";
But, again, the ADODB list would be your best bet for finding out what
qstr actually does.
--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
