Need Help escaping an apostrophe in CSV --> SQL using PHP


OK, I know I need to use str_replace, and I have tried $thequery = str_replace("'", "''", $thequery); but it didn't work. Please don't ding me on the code... I didn't write it. Each week a txt file is done as CSV of our course offerings, and I copy and paste it into a web page with the following code, and it gets posted to an MSSQL table... However, if I have a course name with a ', it doesn't load, and I have to manually remove the '. I need to escape the ', and I can use the help.

    if ($_POST) {

        if (isset($_POST['semester'])) {
            # table name to upload to
            $tablename = $_POST['semester'];
        } else {
            die("no table use");
        }

        # parsing of the text
        $thequery = $_POST['sql'];
        # CSV double quotes become SQL single quotes here, so an apostrophe
        # inside a field ends the SQL string early
        $thequery = str_replace("\"", "'", $thequery);
        $thequery = str_replace(".00", "", $thequery);
        $thequery = str_replace(".50", "", $thequery);
        $thequery = str_replace("'brien", " brien", $thequery);
        $thequery = str_replace("'shaughnessy", " shaughnessy", $thequery);
        $thequery = str_replace("--", "10-01-01", $thequery);
        $thequery = str_replace("web", "online", $thequery);
        $squery = explode("\n", $thequery);

        $names = array();
        $equery = array();
        $i = 0;

        foreach ($squery as $newquery) {
            $a = split('[*]', $newquery);
            $final = substr($a[0], 0, -2);

            $newid = $a[1];
            $names[$i] = $newid;
            $equery[$i] = $final;
            $i++;
        }

        $scount = 0;

        # easiest way to redo the course list is to drop the table and re-insert the new values

        mssql_query("drop table [dbo].[$tablename]") or die(mysql_error());

        mssql_query("create table [dbo].[$tablename] (division char(4) null, cid char(11) null, cname char(45) null, credits tinyint null, days char(7) null, day_m tinyint null, day_t tinyint null, day_w tinyint null, day_r tinyint null, day_f tinyint null, day_s tinyint null, sdate datetime null, edate datetime null, stime datetime null, etime datetime null, duration char(5) null, building char(3) null, room char(4) null, method char(12) null, instructor char(40) null, secsyn int null)") or die(mysql_error());

        # inserts the courses; each pasted line is interpolated verbatim as the VALUES list

        while ($scount < count($equery)) {

            mssql_query("insert into [dbo].[$tablename] (division, cid, cname, credits, days, day_m, day_t, day_w, day_r, day_f, day_s, sdate, edate, stime, etime, duration, building, room, method, instructor, secsyn) values ($equery[$scount])") or die(mysql_error());
            print($equery[$scount] . " has been entered.<br>");

            $scount++;
        }

        # quick hack to update "last updated" to the current date
        $date = date("m j y g:ia");
        mssql_query("update courses set updated='$date' where id='abed140'") or die(mysql_error());

        $nq = mssql_query("select * from [dbo].[$tablename] where method='online'") or die(mysql_error());
        $tnum = 0;

        print("<br /><br />");

        # sets courses to hybrids if they have 'h' in the course id
        while ($tnum < mssql_num_rows($nq)) {
            $tcourse = mssql_result($nq, $tnum, "cid");

            $ccode = explode(" ", $tcourse);

            if (isset($ccode[1])) {
                if (strpos($ccode[1], 'h') !== false) {
                    mssql_query("update [dbo].[$tablename] set method='hybrid' where cid='$tcourse'") or die(mysql_error());
                    print("updated " . $tcourse . " hybrid course.<br />");
                }
            }

            $tnum++;
        }

        # special cases for classes that need to be set to hybrid
        # add $sq[next number] = "course id"; to set it to hybrid

        $sq = array();
        $sq[0] = "biol101 wh";
        $sq[1] = "biol140 wh";

        foreach ($sq as $nq) {
            if (mssql_num_rows(mssql_query("select * from [dbo].[$tablename] where cid='$nq'")) > 0) {
                mssql_query("update [dbo].[$tablename] set method='hybrid' where cid='$nq'") or die(mysql_error());
                print("updated " . $nq . " hybrid course.<br />");
            }
        }

        # checking to make sure online classes have a special_online table link

        $cq = mssql_query("select * from [dbo].[$tablename] where method='online' or method='hybrid'");
        $cn = 0;

        while ($cn < mssql_num_rows($cq)) {

            $ccid = mssql_result($cq, $cn, "cid");
            $ncq = mssql_query("select * from [dbo].[special_online] where cid='$ccid'");

            if (mssql_num_rows($ncq) == 0) {
                mssql_query("insert into [dbo].[special_online] (cid,url) values ('$ccid','http://dacc.blackboard.com')") or die(mysql_error());
                print("updated " . $ccid . " have online course link.<br />");
            }

            $cn++;
        }

    } else {
        # prints our form, shown when the page is first loaded
        print("<form action='' method='post'><select name='semester'>
        <option value='2011sp'>2011sp</option>
        <option value='2011su'>2011su</option>
        <option value='2011fa'>2011fa</option>
        <option value='2011fa'>2011wi</option>
        <option value='2012sp'>2012sp</option>
        <option value='2012su'>2012su</option>
        <option value='2012fa'>2012fa</option>
        <option value='2013sp'>2013sp</option>
        <option value='2013su'>2013su</option>
        <option value='2013fa'>2013fa</option>
        <option value='2013wi'>2013wi</option>
        <option value='2014sp'>2014sp</option>
        <option value='2014su'>2014su</option>
        <option value='2014fa'>2014fa</option>
        </select><br><br>insert statement:<br><textarea name='sql' rows='10' cols='100'></textarea><br><input type='submit' value='submit'></form>");
    }

Try to replace ' with \ before you put it in the database:

Change the line:

    $thequery = str_replace("\"", "'", $thequery);

to:

    $thequery = str_replace("'", "\\", $thequery);

demo
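
An added example, not part of the original post or its answer: instead of escaping apostrophes in the pasted text, parse each CSV line into fields and pass them as bound parameters, so an apostrophe is only ever data and the semester is checked against a fixed list before it is used as a table name. Assumptions: PHP 7.4+ with PDO, an in-memory SQLite database standing in for the MSSQL table so the block runs offline, and `pickTable`, `loadCourses`, the three-column layout and the sample rows are constructed for illustration.

```php
<?php
// Added example, not the original script. Assumptions: PDO with pdo_sqlite is
// available; SQLite in memory stands in for SQL Server; the three-column
// layout, the helper names and the sample rows are constructed.

// Table names cannot be bound as parameters, so accept only known semesters.
function pickTable(string $semester): string
{
    $allowed = ['2011sp', '2011su', '2011fa', '2012sp'];
    if (!in_array($semester, $allowed, true)) {
        throw new InvalidArgumentException('unknown semester');
    }
    return $semester;
}

// Parse each CSV line into fields and bind them; no quoting is done by hand.
function loadCourses(PDO $db, string $table, string $csv): int
{
    $stmt = $db->prepare("INSERT INTO [$table] (cid, cname, instructor) VALUES (?, ?, ?)");
    $count = 0;
    foreach (preg_split('/\R/', trim($csv)) as $line) {
        $fields = str_getcsv($line, ',', '"', '');
        if (count($fields) !== 3) {
            continue; // skip malformed rows instead of guessing at them
        }
        $stmt->execute($fields);
        $count++;
    }
    return $count;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$table = pickTable('2011fa');
$db->exec("CREATE TABLE [$table] (cid TEXT, cname TEXT, instructor TEXT)");

// Constructed sample input: apostrophes, an embedded comma and doubled quotes.
$csv = <<<'CSV'
"ENGL101 01","Children's Literature","O'Brien"
"ENGL215 02","Women's Lit, Part ""A""","O'Shaughnessy"
CSV;

echo loadCourses($db, $table, $csv), " rows inserted\n";
foreach ($db->query("SELECT cname, instructor FROM [$table]") as $row) {
    echo $row['cname'], ' | ', $row['instructor'], "\n";
}
```

Against SQL Server the same prepare/execute calls apply through a PDO driver for it, such as pdo_sqlsrv; only the DSN and the `[dbo].[...]` table prefix differ.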

