Single quote breaking sql query

[Guest]

i have a sql query that output some stuff from the database

 

one of the entry contains a single quote (i.e.: Thumb's Up)

 

it is breaking my sql query and messing up the page

 

here is the query

 

$filter = mysql_real_escape_string($title);
  $query = "SELECT * FROM quebec_thread WHERE title LIKE '%$filter%' AND forumid='18'";

($title is a $_GET value)

 

i tryed with mysql_real_escape_string() and addslashes() but i still get the same error...

 

the entry in the database doesn't contain slashes

 

	You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's Up%' AND forumid='18'' at line 1

[unidox]

Try this:

$query = "SELECT * FROM `quebec_thread` WHERE `title` LIKE '%$filter%' AND `forumid` = '18'";

[kenrbnsn]

Output your query when you get the error:

<?php
$filter = mysql_real_escape_string($title);
$query = "SELECT * FROM quebec_thread WHERE title LIKE '%$filter%' AND forumid='18'";
$rs = mysql_query($query) or die("Problem with the query: $query<br>" . mysql_error());
?>

Using this method may show where the error is better.

 

Ken

[Guest]

thanks, i fixed it

[kenrbnsn]

What was the problem?

 

Ken