I am attempting to replace ' with '' for error reasons within MSSQL queries. I understand that it could be more secure; I am just learning and they will get more secure.
So I used str_replace and did this:
$dbTABLE = "Table_Name";
$query_sql = sprintf("UPDATE %s SET PageHTML = ('%s') WHERE PageID = '%d'",
    $dbTABLE,
    str_replace("'","''",$PageHTML),
    $PageID);
Worked fine, but for consistency and ease of use I want to write a function I could just include in all pages. Function looks like this:
function SQLencode($svalue) {
    str_replace("'","''",$svalue);
}
and implemented like this:
SQLencode($PageHTML),
However, this just wipes all data from the query; I don’t understand why. All my data is just blank afterwards. Can anyone tell me where I am going wrong?
You need to return the value from the function SQLencode(..).
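The thread's problem and fix side by side, as an added example that is not code from either poster: the function without `return`, the same function with it, and a bound-parameter version that needs no manual quote doubling. Assumptions: the `pdo_sqlite` extension is available and an in-memory SQLite database stands in for SQL Server so the script runs offline; `SQLencodeBroken` and the sample HTML string are constructed for illustration.

```php
<?php
// Added example, not the poster's code. SQLite in memory stands in for
// SQL Server so this runs offline; table and column names follow the post.

// The function from the question: no return, so every call yields NULL.
function SQLencodeBroken($svalue) {
    str_replace("'", "''", $svalue);
}

// The fix from the answer: hand the escaped string back to the caller.
function SQLencode($svalue) {
    return str_replace("'", "''", $svalue);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE Table_Name (PageID INTEGER PRIMARY KEY, PageHTML TEXT)");
$pdo->exec("INSERT INTO Table_Name VALUES (1, 'old'), (2, 'old'), (3, 'old')");

$dbTABLE  = "Table_Name";   // identifiers cannot be bound; keep them hard-coded
$PageHTML = "<p>It's a constructed sample</p>";
$template = "UPDATE %s SET PageHTML = ('%s') WHERE PageID = '%d'";

// Row 1: NULL formatted through %s becomes an empty string, so the column is blanked.
$pdo->exec(sprintf($template, $dbTABLE, SQLencodeBroken($PageHTML), 1));

// Row 2: with the return in place, the doubled quote reaches the query text.
$pdo->exec(sprintf($template, $dbTABLE, SQLencode($PageHTML), 2));

// Row 3: bound parameters; the value travels separately from the SQL text,
// so no escaping helper is involved at all.
$stmt = $pdo->prepare("UPDATE Table_Name SET PageHTML = :html WHERE PageID = :id");
$stmt->execute([':html' => $PageHTML, ':id' => 3]);

// Show what each approach actually stored.
foreach ($pdo->query("SELECT PageID, PageHTML FROM Table_Name ORDER BY PageID") as $row) {
    printf("%d: %s\n", $row['PageID'], var_export($row['PageHTML'], true));
}
```

Against SQL Server the same `prepare`/`execute` calls apply through the `pdo_sqlsrv` driver; only the DSN changes.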