Handling "escape" in a query (escaping characters)

2

Scenario:

Insert Query:

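public function forward($descricao)
{
    // An empty description becomes SQL NULL; any other text is wrapped in quotes, unescaped.
    $descricao = ($descricao == '') ? 'NULL' : "'{$descricao}'";

    // The value is concatenated directly into the statement text.
    $sql_enc = " INSERT INTO rg_encaminhamentos (descricao) VALUES ($descricao) ";
}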

I'm inserting the following text (in this case, in $descricao):

SET UF = 18
WHERE DOCUMENTO IN (SELECT HANDLE FROM DOCUMENTOS
WHERE DOCUMENTODIGITADO IN ('218747','218748','218786','218787','218794',
'218795','218839','218840','218885','218886','218914','218915'))

Problem:

The error in the query occurs because the text is recognized as part of the code.

Question:

  • What are the possible ways to handle this?
asked by anonymous 18.01.2018 / 13:02

1 answer

1

Solved with the addslashes command:

public function forward($descricao)
{
    // Prefix quotes and backslashes in the text with a backslash.
    $descricao = addslashes($descricao);

    // An empty description becomes SQL NULL; any other text is wrapped in quotes.
    $descricao = ($descricao == '') ? 'NULL' : "'{$descricao}'";

    $sql_enc = " INSERT INTO rg_encaminhamentos (descricao) VALUES ($descricao) ";
}

The command adds backslashes to escape the characters.

Official manual: link

    
18.01.2018 / 13:28
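
Added example, not part of the original answer: the same insert written with a bound parameter, so the text is never parsed as SQL and needs no escaping (addslashes does not take the connection's character set into account). It assumes PDO with the pdo_sqlite driver and an in-memory database in place of the real connection; saveForward() is a hypothetical name.

```php
<?php
// Added example: bind the text as a parameter instead of escaping it.
// Assumptions: pdo_sqlite and an in-memory database stand in for the real
// connection; saveForward() is a hypothetical name, not code from the page.

function saveForward(PDO $pdo, string $descricao): int
{
    // The SQL text is fixed; the value travels separately from the statement.
    $stmt = $pdo->prepare(
        'INSERT INTO rg_encaminhamentos (descricao) VALUES (:descricao)'
    );
    if ($descricao === '') {
        // Empty text is stored as SQL NULL, as in the original function.
        $stmt->bindValue(':descricao', null, PDO::PARAM_NULL);
    } else {
        $stmt->bindValue(':descricao', $descricao, PDO::PARAM_STR);
    }
    $stmt->execute();
    return (int) $pdo->lastInsertId();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE rg_encaminhamentos (id INTEGER PRIMARY KEY, descricao TEXT)');

// Constructed sample input modelled on the text in the question (quotes included).
$text = "SET UF = 18\nWHERE DOCUMENTO IN (SELECT HANDLE FROM DOCUMENTOS\n"
      . "WHERE DOCUMENTODIGITADO IN ('218747','218748'))";

// The concatenated form fails on this input: the first quote inside the
// text ends the string literal and the rest is parsed as SQL.
try {
    $pdo->exec("INSERT INTO rg_encaminhamentos (descricao) VALUES ('{$text}')");
} catch (PDOException $e) {
    echo "concatenated query rejected: ", $e->getMessage(), "\n";
}

// The bound form stores the text byte for byte, and '' as NULL.
$idText  = saveForward($pdo, $text);
$idEmpty = saveForward($pdo, '');

$read = $pdo->prepare('SELECT descricao FROM rg_encaminhamentos WHERE id = ?');
$read->execute([$idText]);
var_dump($read->fetchColumn() === $text);
$read->execute([$idEmpty]);
var_dump($read->fetchColumn() === null);
```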