  1. #1
    Coding for Jesus LavernGingerich's Avatar
    Join Date
    Jul 2003
    Location
    Tennessee
    Posts
    607

    Why can't I use an apostrophe in the search string?

    I am working with PHP and MySQL. I can search for products in my database using a search field on my website, but whenever I use a ' in the string, it returns an error as follows:

    You have an error in your SQL syntax near '' ORDER BY Title ASC LIMIT 0, 10' at line 1

    Please tell me what needs to be changed in my code. It is probably easy to fix, but I don't know enough about this to fix it. Thanks for all your help!

    Lavern Gingerich
    Lighthouse Publishing, Inc.

    -----------------------------

    Jesus is Lord of lords and King of kings! Serve Him today.

  2. #2
    Coding for Jesus LavernGingerich's Avatar
    Join Date
    Jul 2003
    Location
    Tennessee
    Posts
    607
    Here is the PHP code on my search results page. Please tell me where to add the code I need:

    PHP Code:
    <?php
    $maxRows_SearchInventory = 10;
    $pageNum_SearchInventory = 0;
    if (isset($HTTP_GET_VARS['pageNum_SearchInventory'])) {
      $pageNum_SearchInventory = $HTTP_GET_VARS['pageNum_SearchInventory'];
    }
    $startRow_SearchInventory = $pageNum_SearchInventory * $maxRows_SearchInventory;

    mysql_select_db($database_Lighthouse, $Lighthouse);

    // The basic SELECT statement
    $select = 'SELECT DISTINCT *';
    $from   = ' FROM onlinestore';
    $where  = ' WHERE 1=1';

    $division = $_GET['division'];
    if ($division != '') { // A division is selected
        $where .= " AND Category LIKE '$division'";
    }

    $cid = $_GET['cid'];
    if ($cid != '') { // A category is selected
      $from  .= ', ItemLookup';
      $where .= " AND name=PID AND CID='$cid'";
    }

    $searchtext = $_GET['searchtext'];
    $searchfield = $_GET['searchfield'];
    if ($searchtext != '') { // Some search text was specified
      $where .= " AND $searchfield LIKE '%$searchtext%'";
    }

    $viewdivision = $_GET['viewdivision'];
    if ($viewdivision != '') { // A division is selected
        $where .= " AND Category LIKE '$viewdivision'";
    }

    $viewcid = $_GET['viewcid'];
    if ($viewcid != '') { // A category is selected
      $from  .= ', ItemLookup';
      $where .= " AND name=PID AND CID='$viewcid'";
    }

    $sidedivision = $_GET['sidedivision'];
    if ($sidedivision != '') { // A division is selected
        $where .= " AND Category LIKE '$sidedivision'";
    }

    $sidecategory = $_GET['sidecategory'];
    if ($sidecategory != '') { // A category is selected
      $from  .= ', ItemLookup';
      $where .= " AND name=PID AND CID='$sidecategory'";
    }

    $sidesearchtext = $_GET['sidesearchtext'];
    $sidefield = $_GET['sidefield'];
    if ($sidesearchtext != '') { // Some search text was specified
      $where .= " AND $sidefield LIKE '%$sidesearchtext%'";
    }

    $order = ' ORDER BY Title ASC';
    $query_SearchInventory = ($select . $from . $where . $order);
    $query_limit_SearchInventory = sprintf("%s LIMIT %d, %d", $query_SearchInventory, $startRow_SearchInventory, $maxRows_SearchInventory);
    $SearchInventory = mysql_query($query_limit_SearchInventory, $Lighthouse) or die(mysql_error());
    $row_SearchInventory = mysql_fetch_assoc($SearchInventory);
    $totalRows_SearchInventory = mysql_num_rows($SearchInventory);

    if (isset($HTTP_GET_VARS['totalRows_SearchInventory'])) {
      $totalRows_SearchInventory = $HTTP_GET_VARS['totalRows_SearchInventory'];
    } else {
      $all_SearchInventory = mysql_query($query_SearchInventory);
      $totalRows_SearchInventory = mysql_num_rows($all_SearchInventory);
    }
    $totalPages_SearchInventory = ceil($totalRows_SearchInventory/$maxRows_SearchInventory)-1;

    $queryString_SearchInventory = "";
    if (!empty($HTTP_SERVER_VARS['QUERY_STRING'])) {
      $params = explode("&", $HTTP_SERVER_VARS['QUERY_STRING']);
      $newParams = array();
      foreach ($params as $param) {
        if (stristr($param, "pageNum_SearchInventory") == false &&
            stristr($param, "totalRows_SearchInventory") == false) {
          array_push($newParams, $param);
        }
      }
      if (count($newParams) != 0) {
        $queryString_SearchInventory = "&" . implode("&", $newParams);
      }
    }
    $queryString_SearchInventory = sprintf("&totalRows_SearchInventory=%d%s", $totalRows_SearchInventory, $queryString_SearchInventory);

    ?>

  3. #3
    SitePoint Wizard samsm's Avatar
    Join Date
    Nov 2001
    Location
    Atlanta, GA, USA
    Posts
    5,011
    My bet is that

    $searchtext = $_GET['searchtext'];
    needs to be:
    $searchtext = addslashes($_GET['searchtext']);

    Same deal with the other user input too.
    Using your unpaid time to add free content to SitePoint Pty Ltd's portfolio?
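
An added example, not part of the original thread or any poster's code: it shows why an apostrophe breaks the concatenated query in post #2, next to a form that binds the search text as a parameter and checks the column name against an allowlist. The `searchInventory` function, the `Author` column, the allowlist contents and the sample rows are assumptions made for illustration; it uses PDO with an in-memory SQLite database so it runs offline.

```php
<?php
// Added example, not code from the thread. searchInventory(), the Author
// column and the rows below are constructed for illustration.

// 1. The string post #2 builds when the search text contains an apostrophe.
$searchtext = "Pilgrim's"; // constructed input
$broken = "SELECT DISTINCT * FROM onlinestore WHERE Title LIKE '%$searchtext%' ORDER BY Title ASC";
// The ' inside the value closes the SQL string literal early, so the rest of
// the value is parsed as SQL and the server reports a syntax error.
echo $broken, "\n";

// 2. Hardened form: bound parameters for values, allowlist for the column.
function searchInventory(PDO $db, string $field, string $text, int $page = 0, int $perPage = 10): array
{
    // A column name sits outside any quotes and cannot be bound, so string
    // escaping does nothing for it; accept only known names.
    $allowed = ['Title', 'Author', 'Category']; // assumed searchable columns
    if (!in_array($field, $allowed, true)) {
        throw new InvalidArgumentException('Unknown search field');
    }
    $sql = "SELECT DISTINCT * FROM onlinestore WHERE $field LIKE :pattern
            ORDER BY Title ASC LIMIT :offset, :count";
    $stmt = $db->prepare($sql);
    // The value travels separately from the SQL text, so quotes in it are data.
    $stmt->bindValue(':pattern', '%' . $text . '%', PDO::PARAM_STR);
    $stmt->bindValue(':offset', max(0, $page) * $perPage, PDO::PARAM_INT);
    $stmt->bindValue(':count', $perPage, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Offline demonstration with constructed rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE onlinestore (Title TEXT, Author TEXT, Category TEXT)');
$ins = $db->prepare('INSERT INTO onlinestore VALUES (?, ?, ?)');
$ins->execute(["The Pilgrim's Progress", 'John Bunyan', 'Classics']);
$ins->execute(['Martyrs Mirror', 'Thieleman J. van Braght', 'History']);

$rows = searchInventory($db, 'Title', "Pilgrim's");
echo count($rows), ' row(s): ', $rows[0]['Title'], "\n";

try {
    searchInventory($db, 'Title; --', 'x'); // not on the allowlist
} catch (InvalidArgumentException $e) {
    echo 'Rejected field: ', $e->getMessage(), "\n";
}
```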

  4. #4
    Coding for Jesus LavernGingerich's Avatar
    Join Date
    Jul 2003
    Location
    Tennessee
    Posts
    607
    It works! Thank you so very much!!

    Have a good day,
    Lavern

    Remember Jesus is the WAY, the TRUTH, and the LIFE.
    Read the Bible.

  5. #5
    SitePoint Wizard samsm's Avatar
    Join Date
    Nov 2001
    Location
    Atlanta, GA, USA
    Posts
    5,011
    Quote Originally Posted by LavernGingerich
    Remember Jesus is the WAY, the TRUTH, and the LIFE.
    Read the Bible.
    Remember that random people online may have different religious beliefs than you and seeing how you are asking them for help, you might consider respecting that.

    I'm sure you meant well, and I'm glad your script is working, just thought I'd throw that in as a bonus suggestion. :-)

    Also, do you know WHY addslashes fixes the problem?
    Using your unpaid time to add free content to SitePoint Pty Ltd's portfolio?

  6. #6
    Coding for Jesus LavernGingerich's Avatar
    Join Date
    Jul 2003
    Location
    Tennessee
    Posts
    607
    Thanks for your help. No, I don't know why it allows me to use apostrophes in my search string, but I am learning.

    I think this is a great place to remind people of Jesus Christ. Really all religious beliefs apart from Jesus do not bring forgiveness, love, peace, joy, and eternal life. Jesus is the ONLY Way, the ONLY Truth, and the ONLY Life! Hallelujah!

  7. #7
    SitePoint Wizard guelphdad's Avatar
    Join Date
    Oct 2003
    Location
    St. Catharines, ON Canada
    Posts
    1,707
    Quote Originally Posted by LavernGingerich
    I think this is a great place to remind people of Jesus Christ. Really all religious beliefs apart from Jesus do not bring forgiveness, love, peace, joy, and eternal life. Jesus is the ONLY Way, the ONLY Truth, and the ONLY Life! Hallelujah!
    Then what you are saying is that your way of thinking is the only way, which is insulting to people here on this discussion board and many others around the world. Give your head a shake!

  8. #8
    Mlle. Ledoyen silver trophy seanf's Avatar
    Join Date
    Jan 2001
    Location
    UK
    Posts
    7,168
    We are here to discuss tech issues, not Religion

    Sean
    Harry Potter

    -- You lived inside my world so softly
    -- Protected only by the kindness of your nature

