I am trying to SQL a DB2 database (on an iSeries) using PHP and "DB2_exec", not mysql.
I have these characters in my WHERE clause (variable $EncSSN) which cause the SQL statement to stop: ðIn*Éæng
“"Ò×ÑRÈ•`
The SQL is constructed as:
select EENUM, EESSN
from EEMAST
where EESSN = '$EncSSN'
The field in the table EESSN contains encrypted values.
- I get no errors and no log entries. The HTML renders a blank page.
- I have tried replacing (str_replace) quotes, single quotes, period, etc. with escape character '\'
- I can't use mysql_real_escape_string because I am loading the db2_connect resource.
If I change the SQL statement above's where to select a value from a different field, my HTML is rendered properly.
Can you think of any way I can accomplish this?
Steven
Try the addslashes() function http://php.net/manual/en/function.addslashes.php or heredoc or nowdoc syntax http://php.net/manual/en/language.types.string.php
You could also put the SQL in a stored proc, but you may have the same issues for the parameter value and need to try one of the above.
Prepare the SQL and set the parameter for where clause using the array approach. Never ever attempt to build SQL queries by string functions.
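The prepared-statement approach from the last answer, written out as an added example (not code from the original posts). It uses the ibm_db2 functions db2_prepare and db2_execute with a parameter array, so the bytes in $EncSSN are sent as a bound value and never parsed as SQL text. The connection values and the sample $EncSSN bytes are constructed placeholders.

```php
<?php
// Added example. Connection values below are placeholders, not from the post.
$database = 'SAMPLEDB';
$user     = 'dbuser';
$password = 'dbpass';

// Look up rows in EEMAST by encrypted SSN using a parameter marker (?).
function findByEncSsn($conn, string $encSsn): array
{
    $sql  = 'select EENUM, EESSN from EEMAST where EESSN = ?';
    $stmt = db2_prepare($conn, $sql);
    if ($stmt === false) {
        // No statement resource exists yet, so ask for the last statement error.
        throw new RuntimeException('prepare failed: ' . db2_stmt_errormsg());
    }
    // The array supplies one value per parameter marker, in order.
    if (!db2_execute($stmt, array($encSsn))) {
        throw new RuntimeException('execute failed: ' . db2_stmt_errormsg($stmt));
    }
    $rows = array();
    while (($row = db2_fetch_assoc($stmt)) !== false) {
        $rows[] = $row;
    }
    return $rows;
}

// Constructed sample bytes standing in for the encrypted value in $EncSSN.
$EncSSN = "\xF0In*\xC9\xE6ng\"'`";

try {
    $conn = db2_connect($database, $user, $password);
    if ($conn === false) {
        throw new RuntimeException('connect failed: ' . db2_conn_errormsg());
    }
    foreach (findByEncSsn($conn, $EncSSN) as $row) {
        // Escape on output; the encrypted column is not echoed at all.
        echo htmlspecialchars((string) $row['EENUM']), "<br>\n";
    }
    db2_close($conn);
} catch (RuntimeException $e) {
    // Log the driver message instead of failing silently with a blank page.
    error_log($e->getMessage());
    http_response_code(500);
    echo 'Query failed.';
}
```

Checking the return value of each db2_* call and logging db2_stmt_errormsg() is what turns a blank page into a diagnosable error.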