Help building a Query for a Hook.

**chrislynch8** · 2010-10-04, 01:54 PM

I'm am trying to run a query in a Logic Hook and I am using a field from the CRM that could contain ' so I need to escape this in the query so the SQL syntax is correct. I tried the following but Sugar is escaping my escapes I beleive.

PHP Code:

 $name = str_replace("'","\'",$bean->name);
$query = 'SELECT * FROM table WHERE name = $name AND number = "'.$bean->number.'"';

Should I be using a different function to escape my name field.

Rgds
Chris

**********************************
Sloved
**********************************

Using $bean->db->quote($bean->name) I was able to correctly add my escape characters as required by Mysql.

**robertbmirth** · 2010-10-04, 05:03 PM

In general, there's also the built in PHP function mysql_real_escape_string() but I guess its better to use Sugar's function as it is probably database type independent (i.e. I'm guessing it works on postgres, MSSQL, etc as well). Thanks for the info though.

**chrislynch8** · 2010-10-05, 12:04 PM

Hi,

I did try the built in php function but it looks like sugar was then removeing the escapes. So that why I used the Sugars Function instead.

Rgds
Chris