Treatment "escape" in query (escape of characters)

Question

Treatment "escape" in query (escape of characters)

Navigation

#1 by (1 votes)

2

Scenario:

Insert Query:

public function forward($descricao)
{
    ($descricao == '') ? $descricao = 'NULL' : $descricao = "'{$descricao}'" ;
    $sql_enc = " INSERT INTO rg_encaminhamentos ('descricao') VALUES ($descricao) ";

}

I'm inserting in the text (in the case in $descricao ):

SET UF = 18
WHERE DOCUMENTO IN (SELECT HANDLE FROM DOCUMENTOS
WHERE DOCUMENTODIGITADO IN ('218747','218748','218786','218787','218794',
'218795','218839','218840','218885','218886','218914','218915'))

Problem:

The error in the query occurs because the text is recognized as part of the code .

Doubt:

What possible ways to handle this?

php mysql

asked by anonymous 18.01.2018 / 13:02

1 answer

Access denied access controller with CodeIgniter Difference in hours between days using carbon

score 1 · Accepted Answer

Solved with command addslashes :

public function forward($descricao){

   $descricao = addslashes($descricao);

   ($descricao == '') ? $descricao = 'NULL' : $descricao = "'{$descricao}'";

   $sql_enc = " INSERT INTO rg_encaminhamentos ('descricao') VALUES ($descricao) ";
}

The command adds the bars to escape the characters.

Official manual: link