How to escape strings in SQL Server using PHP?

Question

I\'m looking for the alternative of mysql_real_escape_string() for SQL Server. Is addslashes() my best option or there is another alternative funct

Answer 1

In order to escape single- and double-quotes, you have to double them up:

$value = 'This is a quote, "I said, 'Hi'"';

$value = str_replace( "'", "''", $value ); 

$value = str_replace( '"', '""', $value );

$query = "INSERT INTO TableName ( TextFieldName ) VALUES ( '$value' ) ";

etc...

and attribution: Escape Character In Microsoft SQL Server 2000