  1. #1
    SitePoint Addict
    Join Date
    Nov 2007
    Posts
    219

    Question avoid the quotation

    I have a problem when I am outputting data from the database
    which comes from an HTML editor
    to be used in a MySQL statement

    PHP Code:
    $query_Recordset2 = "SELECT * FROM points where quest LIKE '" . $row_code_quest['quest'] . "' ";

    and the question here is a text that contains quotations like that

    " is this david's car? or nancy's car ?"

    so it gives me error
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's


    so any solution please???????

  2. #2
    SitePoint Member
    Join Date
    Sep 2009
    Location
    UK
    Posts
    6
    Use the addslashes() or mysql_real_escape_string() function on the variable like so:

    addslashes() example:

    PHP Code:
    $query_Recordset2 = "SELECT * FROM points where quest LIKE '" . addslashes($row_code_quest['quest']) . "' ";

    mysql_real_escape_string() example:

    PHP Code:
    $query_Recordset2 = "SELECT * FROM points where quest LIKE '" . mysql_real_escape_string($row_code_quest['quest']) . "' ";
    Last edited by AndyJGreen; Sep 27, 2009 at 16:18. Reason: Switching the second to mysql_REAL for deprecation.

  3. #3
    SitePoint Addict
    Join Date
    Nov 2007
    Posts
    219
    I tried both but still have the same error!!
    Any idea why?

  4. #4
    SitePoint Wizard cranial-bore's Avatar
    Join Date
    Jan 2002
    Location
    Australia
    Posts
    2,634
    echo the query ($query_Recordset2) for debugging purposes.
    Is the MySQL error the same, or has it changed?

  5. #5
    SitePoint Addict
    Join Date
    Nov 2007
    Posts
    219
    Well, I think it's working now.
    I forgot that I have many statements using this part
    PHP Code:
    quest LIKE '".$row_code_quest['quest']."' "; 
    so I had to put the add slash function in all of them

    Thank you guys so much

  6. #6
    SitePoint Wizard cranial-bore's Avatar
    Join Date
    Jan 2002
    Location
    Australia
    Posts
    2,634
    Is there a reason you're using LIKE instead of simply equals ?
    Code SQL:
    SELECT * FROM points WHERE quest = 'value here'

  7. #7
    SitePoint Addict
    Join Date
    Nov 2007
    Posts
    219
    Well, I thought it's better to use it when comparing text??

  8. #8
    SitePoint Wizard cranial-bore's Avatar
    Join Date
    Jan 2002
    Location
    Australia
    Posts
    2,634
    You use like when you want to match a wildcard.
    SELECT * FROM table WHERE field LIKE 'ban%' will match records where field starts with the letters ban.

    If you have an exact value you want the whole field to match, just use equals.
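
An added example, not part of the original thread: the lookup discussed above written with PDO bound parameters, so no call site depends on remembering an escaping function, plus a LIKE variant that also escapes the wildcard characters. It assumes PDO with the SQLite driver (in-memory, standing in for MySQL) and a constructed `points` schema and rows; `findExact` and `findContaining` are hypothetical helper names.

```php
<?php
// Added example: constructed data; in-memory SQLite stands in for MySQL (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE points (id INTEGER PRIMARY KEY, quest TEXT, score INTEGER)');

// The thread's sample text, apostrophes included, plus a second constructed row.
$insert = $pdo->prepare('INSERT INTO points (quest, score) VALUES (?, ?)');
$insert->execute(["is this david's car? or nancy's car ?", 5]);
$insert->execute(['what is 100% of 50_000?', 3]);

// Exact match: the value travels as a bound parameter, so quotes in it
// never become part of the SQL text and no escaping function is needed.
function findExact(PDO $pdo, string $quest): array
{
    $stmt = $pdo->prepare('SELECT id, quest, score FROM points WHERE quest = :quest');
    $stmt->execute([':quest' => $quest]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Substring match: binding removes the quote problem, but % and _ are still
// LIKE wildcards. Escape them (and the escape character itself, first)
// before adding the wildcards that are actually wanted.
function findContaining(PDO $pdo, string $needle): array
{
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $needle);
    $stmt = $pdo->prepare(
        "SELECT id, quest, score FROM points WHERE quest LIKE :pat ESCAPE '!'"
    );
    $stmt->execute([':pat' => '%' . $escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Same variable name as in the thread, filled with the constructed sample.
$row_code_quest = ['quest' => "is this david's car? or nancy's car ?"];

print_r(findExact($pdo, $row_code_quest['quest'])); // exact lookup, apostrophes intact
print_r(findContaining($pdo, "david's"));           // substring containing a quote
print_r(findContaining($pdo, '%'));                 // a literal percent sign only
```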

  9. #9
    SitePoint Addict
    Join Date
    Nov 2007
    Posts
    219
    Oh, thank you.
    What about avoiding the case sensitivity????

    I am making a SQL statement that searches using LIKE
    but it's case sensitive
    like if I search for "Alex" and it was saved as "alex"
    it never shows up!!

    Any idea???

  10. #10
    SitePoint Wizard cranial-bore's Avatar
    Join Date
    Jan 2002
    Location
    Australia
    Posts
    2,634
    Text columns in MySQL (tinytext, text etc.) are case insensitive. Blob columns work the same way, but are case sensitive.

