I have an SQL query and in Firebug I get an error.

This is my SQL query:

$sql = "UPDATE public.".$tableBDD." SET ".$champsDB." WHERE ".$idTable."='".$idUpdate."'";

And before that, I have this :

$champsDB.= $champs->nom.'=\''.addslashes($ligne[$i]).'\',';

So it should work because I add slashes to my string. But my error is:

Warning: pg_query(): Query failed: ERROR: syntaxe error on « hiver » LINE 1: ...M_ASK',annee_ref_c_amg='1958',nom_culture='Blé d\'hiver',dat...

And it shows the error on "d\'hiver", so I don't understand why, because I shouldn't have an error with the quotes anymore.

Can someone help me please?

Barmar
Erlaunis

1 Answer

In PostgreSQL you have to use pg_escape_string:

pg_escape_string() escapes a string for querying the database. It returns an escaped string in the PostgreSQL format without quotes. pg_escape_literal() is more preferred way to escape SQL parameters for PostgreSQL. addslashes() must not be used with PostgreSQL. If the type of the column is bytea, pg_escape_bytea() must be used instead. pg_escape_identifier() must be used to escape identifiers (e.g. table names, field names)

See: http://php.net/manual/en/function.pg-escape-string.php

Xavjer
  • Thanks. So I should have something like that: $sql = "UPDATE public.".$tableBDD." SET ".pg_escape_string($champsDB)." WHERE ".$idTable."='".$idUpdate."'"; But after that, my string is: `'id_traitement =''ASK_FYM_ASK'',annee_recolte=''1957'',id_itk_pro=''ITKpro_ASK_FYM_ASK_1957'',id_essai=''ASK''...` with double quotes :/ – Erlaunis Sep 04 '15 at 08:08
  • Well you must use the function on the values, not the field names, therefore this must be done before stringing this together – Xavjer Sep 04 '15 at 08:12
  • So I tried with: `$champsDB.= $champs->nom.'='.pg_escape_string($ligne[$i]).',';` So it should be applied on the values only and not the fields, but in this case I don't have quotes :/ `id_traitement=ASK_FYM_ASK,annee_recolte=1957,id_itk_pro =ITKpro_ASK_FYM_ASK_1957,id_essai=ASK,code_traitement=FYM_ASK` – Erlaunis Sep 04 '15 at 08:16
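The two comment threads above show the same mistake from both sides: escaping the whole SET clause doubles quotes that are already there, and dropping the hand-written quotes leaves the values bare. The example below is added here and is not code from the question or the answer; it assumes `$conn` is an open `pg_connect()` resource and uses constructed sample data in place of the asker's `$champs`/`$ligne` loop. It escapes each column name with `pg_escape_identifier()` and each value with `pg_escape_literal()`, which returns the value already wrapped in single quotes, and then shows the same update with `pg_query_params()` so the values never enter the SQL text at all.

```php
<?php
// Added example, not from the original post. Assumes $conn = pg_connect(...)
// is already open. Sample data is constructed to mirror the question's row.
$tableBDD = 'essai';
$idTable  = 'id_traitement';
$idUpdate = 'ASK_FYM_ASK';
$fields   = [
    'annee_ref_c_amg' => '1958',
    'nom_culture'     => "Blé d'hiver",   // the value that broke addslashes()
];

// Variant 1: escape each piece individually while concatenating.
// pg_escape_identifier() double-quotes table/column names.
// pg_escape_literal() returns the value with its own single quotes, so no
// quotes are added by hand (that is what produced ''ASK'' in the comments).
$set = [];
foreach ($fields as $col => $val) {
    $set[] = pg_escape_identifier($conn, $col) . '=' . pg_escape_literal($conn, $val);
}
$sql = 'UPDATE public.' . pg_escape_identifier($conn, $tableBDD)
     . ' SET ' . implode(',', $set)
     . ' WHERE ' . pg_escape_identifier($conn, $idTable)
     . '=' . pg_escape_literal($conn, $idUpdate);
$res = pg_query($conn, $sql) or die(pg_last_error($conn));

// Variant 2: keep the values out of the SQL string entirely.
// Identifiers cannot be bound as parameters, so they are still escaped.
$set    = [];
$params = [];
$n      = 1;
foreach ($fields as $col => $val) {
    $set[]    = pg_escape_identifier($conn, $col) . '=$' . $n++;
    $params[] = $val;
}
$params[] = $idUpdate;
$sql = 'UPDATE public.' . pg_escape_identifier($conn, $tableBDD)
     . ' SET ' . implode(',', $set)
     . ' WHERE ' . pg_escape_identifier($conn, $idTable) . '=$' . $n;
$res = pg_query_params($conn, $sql, $params) or die(pg_last_error($conn));
```

Variant 2 is the one to prefer when the values come from user input: the server parses the statement shape separately from the data, so a stray quote in a value can never change the query.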