[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date ][Minivend by thread ]

mySQL/ Insert [set] problem escaping

To: "Minivend-Users (E-mail)" <minivend-users@minivend.com>
Subject: mySQL/ Insert [set] problem escaping
From: "Russ" <russ@khouse.org>
Date: Thu, 22 Jul 1999 14:03:09 -0700
Importance: Normal
Reply-To: <russ@khouse.org>

Hello,

I am having a problem with an SQL INSERT.  I'm logging each item transacted
to the 'transactions' table in the mySQL database.  This is how I log it:

[calc]$counter=1[/calc]
[item-list]
[sql type=set base=transactions interpolate=1]
          insert into transactions
          values
           ('[value mv_order_number]-[calc]$counter[/calc]',
		    '[value mv_order_number]',
			'[data session username]',
	            '[value sourceid escape]',
			'[value order_date]',
			'[item-code]',
			'[item-quantity]',
			'[item-price noformat=1]',
			'[item-field title]'
           )
      [/sql]
[calc]$counter++[/calc]
[/item-list]

The problem is the [item-field title].  If there is a single quote ('), it
wrecks the SQL INSERT statement.  I've tried these also:
'[item-field title escape]'
'[item-field title escaped=1]'
and these two things print the literal string, "[item-field title escape]"
and "[item-field title escaped=1]".

Does anyone know how to make minivend escape the single quotes in a string
before attempting to insert it into the SQL table?

Russ&#160;Mann

Follow-Ups:
- Re: mySQL/ Insert [set] problem escaping
  - From: August Detlefsen <augustd@idiom.com>

Prev by Date: Re: bug found in minivend with uploading files. 64k limit
Next by Date: Re: Looking for new MVEND ISP
Prev by thread: Re: Looking for new MVEND ISP
Next by thread: Re: mySQL/ Insert [set] problem escaping
Index(es):
- Date
- Thread