SQL Server has two escape characters:
The first escape character is the single quote (').
By default, the single quote (') is the string delimiter. If the string itself contains a single quote ('), it must be written as two single quotes (''); the first single quote acts as the escape character.
Example:
Here is the SQL statement that failed:
INSERT INTO Cogs_PurchaseSale( CreateTime,UpdateTime,ApDate, Type,Change,Currency,ExchangeRate, [Date],StoreCode,ItemColor,Qty, ProfitCenter,CreditNote) SELECT getdate(), getdate(), '2019-11-01', case when LEN(isNull(sm.Type,'StockMovement'))>0 then sm.Type else 'StockMovement' end, 'Decrease', 'SYSTEM_LOCAL_CURRENCY','1', max(sm.[Date]), LEFT(sm.RecipientWarehouse,4), sm.ItemCode+sm.ColorCode, sum(sm.Qty), max(sm.ProfitCenter),max(sm.Remark) FROM Cogs_StockMovement as sm WHERE sm.APDate='2019-11-01' AND LEN(sm.RecipientWarehouse)>0 GROUP BY sm.Type, sm.RecipientWarehouse, sm.ItemCode, sm.ColorCode
I need to put this record into a SQL table:
$failmsg=" INSERT INTO Cogs_PurchaseSale(CreateTime,UpdateTime,ApDate,Type,Change,Currency,ExchangeRate,[Date],StoreCode,ItemColor,Qty,ProfitCenter,CreditNote) SELECT getdate(), getdate(), '2019-11-01', case when LEN(isNull(sm.Type,'StockMovement'))>0 then sm.Type else 'StockMovement' end, 'Decrease', 'SYSTEM_LOCAL_CURRENCY','1', max(sm.[Date]), LEFT(sm.RecipientWarehouse,4), sm.ItemCode+sm.ColorCode, sum(sm.Qty), max(sm.ProfitCenter),max(sm.Remark) FROM Cogs_StockMovement as sm WHERE sm.APDate='2019-11-01' AND LEN(sm.RecipientWarehouse)>0 GROUP BY sm.Type, sm.RecipientWarehouse, sm.ItemCode, sm.ColorCode";
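// Double every single quote in $failmsg so it can sit inside the '...' literal.
// ID is not quoted, so the doubling does not cover it; cast it to an integer.
$sql="update Cogs_TaskList set FailDesc='".str_replace("'", "''", $failmsg)."',UpdateTime='".date("Y-m-d H:i:s")."' where ID=".(int)$id;
$res= $dbobj->query($sql);
Here str_replace replaces each single quote with two single quotes.
The other escape character is the double quote (").
When SET QUOTED_IDENTIFIER is OFF, the double quote (") is also a string delimiter, and a double quote inside the string must be written as two double quotes ("").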
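Both escape rules side by side, plus a parameterized form of the same update, as an added T-SQL example that is not part of the original page. The temp table #TaskList is a constructed stand-in for Cogs_TaskList, the stored text is a shortened sample, and GO is the batch separator used by sqlcmd and SSMS.

```sql
-- Constructed temp table standing in for the page's Cogs_TaskList (assumption).
CREATE TABLE #TaskList (ID int PRIMARY KEY, FailDesc nvarchar(max), UpdateTime datetime);
INSERT INTO #TaskList (ID) VALUES (1), (2), (3);
GO

-- 1) Default rule: ' delimits the string, so every ' in the value is written as ''.
UPDATE #TaskList
SET FailDesc = N'WHERE sm.APDate=''2019-11-01'' AND LEN(sm.RecipientWarehouse)>0',
    UpdateTime = GETDATE()
WHERE ID = 1;
GO

-- 2) Parameters: the statement text is fixed and the value travels as data.
--    A client driver binds @FailDesc and @ID directly, so nothing is doubled there;
--    the literal below is doubled only because this script is itself T-SQL.
DECLARE @msg nvarchar(max) = N'WHERE sm.APDate=''2019-11-01'' AND LEN(sm.RecipientWarehouse)>0';
EXEC sp_executesql
     N'UPDATE #TaskList SET FailDesc = @FailDesc, UpdateTime = GETDATE() WHERE ID = @ID',
     N'@FailDesc nvarchar(max), @ID int',
     @FailDesc = @msg, @ID = 2;
GO

-- 3) QUOTED_IDENTIFIER OFF: " also delimits strings. Inside "...", a " is written
--    as "" and a ' needs no doubling.
SET QUOTED_IDENTIFIER OFF;
GO
UPDATE #TaskList
SET FailDesc = "WHERE sm.APDate='2019-11-01' AND note=""x""",
    UpdateTime = GETDATE()
WHERE ID = 3;
GO
SET QUOTED_IDENTIFIER ON;
GO

-- Inspect what was actually stored for each of the three forms.
SELECT ID, FailDesc FROM #TaskList ORDER BY ID;
DROP TABLE #TaskList;
```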