GeoffEll Posted June 17, 2008 Share Posted June 17, 2008 Dear All, I have a problem with the following snippet of code (below) due to there being entries in my DB which contain apostrohes. I would like the query to remain as it is, what should I do with the $Name? Thanks on advance, Geoff $Name = "contain's apostrophe"; $Query = " SELECT date FROM table WHERE name = ' ".$Name." ' "; Link to comment https://forums.phpfreaks.com/topic/110550-php_mysql-apostrophe-problems/ Share on other sites More sharing options...
jesushax Posted June 17, 2008 Share Posted June 17, 2008 $Name = str_replace("'","''","contain's apostrophe"); Link to comment https://forums.phpfreaks.com/topic/110550-php_mysql-apostrophe-problems/#findComment-567139 Share on other sites More sharing options...
GeoffEll Posted June 17, 2008 Author Share Posted June 17, 2008 Thanks for the speedy response. Although the query didn't give an error, it doesn't give any output. I want the query to find the entries with ``contain's apostrophe`` in it, but I think at first it searched for ``contain`` and now with your answer it searches for ``contain''s apostrophe``. I'm still confused! Link to comment https://forums.phpfreaks.com/topic/110550-php_mysql-apostrophe-problems/#findComment-567142 Share on other sites More sharing options...
jesushax Posted June 17, 2008 Share Posted June 17, 2008 what you mean it doesnt output can you echo your sql satement and post it here do you want to find them and stop them or still upload them? the str_replace function searches for terms in the text i used it to search for ' and replace it with a ' to upload try changing to html $Name = str_replace("'","'","contain's apostrophe"); the above should output and upload fine Link to comment https://forums.phpfreaks.com/topic/110550-php_mysql-apostrophe-problems/#findComment-567152 Share on other sites More sharing options...
GeoffEll Posted June 17, 2008 Author Share Posted June 17, 2008 Sorry if I was unclear. As a whole I have a two stage process. First of all I have a query that from a given id number outputs the name. This works. Let's save this as the variable $Name. Sometimes, the name contains an apostrophe. So if I do echo $Name; I get what I expect, say: Mr. O'Hare Now I want to do a second search on this name such as: $Query = " SELECT date FROM table WHERE name = ' ".$Name." ' "; $result = mysql_query($Query); while($row = mysql_fetch_array($result, MYSQL_ASSOC)) { echo $row['date']; } Now I know such a date exists, it's just that there is no error message and no echoed output. Even when I do the str_replace as you suggested. I know that perhaps I can do these two queries in one cross tabular query, but that's not on the menu at the moment. Thx again. Link to comment https://forums.phpfreaks.com/topic/110550-php_mysql-apostrophe-problems/#findComment-567163 Share on other sites More sharing options...
PFMaBiSmAd Posted June 17, 2008 Share Posted June 17, 2008 Special characters that occur in string data must be escaped so that they are seen as data and not seen as part of query syntax, either causing a syntax error or allowing sql injection. You should be using the mysql_real_escape_string() function on string data. This applies to string data being inserted or searched for. Link to comment https://forums.phpfreaks.com/topic/110550-php_mysql-apostrophe-problems/#findComment-567322 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.