Jump to content

Recommended Posts

I have a few people with ' in their last names and I cant get the SQL statement to work correctly.  I have tried adding slashes, but if i manually add another ' in their lastname the SQL statement works, although I cant be certian its doing what its suppose to be doing.

 

What function should I use to parse the lastname to correct for odd chrs and correct them.

 

I have tried:

 

$tmp_last= addslashes($arr[0]);

$tmp_first= addslashes($arr[1]);

 

$tmp_last = mysql_real_escape_string($tmp_last, $link);

$tmp_first = mysql_real_escape_string($tmp_first, $link);

 

both do the same thing, but neither works.  Ideas?

Link to comment
https://forums.phpfreaks.com/topic/136359-o-last-names-and-how-do-you-sql-them/
Share on other sites

When I test for Magic Quotes the result is 1, so it is on. 

 

With it on, since I can't readily turn it off how do I proceed?

 

ALso the SQL line that uses this variable looks like this:

 

$nsql = '(`ruat_tsa_last_name` LIKE CONVERT(_utf8 \'%'.$tmp_last.'%\' USING latin1) COLLATE latin1_swedish_ci ';

 

 

<?php
$tmp_last			= ($arr[0]);
$tmp_first			= ($arr[1]);
$link 				= mysql_connect("-----", "-----", "-----", "----");
$tmp_last			= mysql_real_escape_string($tmp_last, $link);
$tmp_first			= mysql_real_escape_string($tmp_first, $link);


----

$nsql = '(`ruat_tsa_last_name` LIKE CONVERT(_utf8 \'%'.$tmp_last.'%\' USING latin1) COLLATE latin1_swedish_ci ';
$sql = $sql.$nsql;
$nsql = ' AND `ruat_tsa_first_name` LIKE CONVERT(_utf8 \'%'.$tmp_first.'%\' USING latin1) COLLATE latin1_swedish_ci ) ';
$sql = $sql.$nsql;

I have echoed the query using all the different methods, but i can not seem to make it work.

 

if i load the information right from the CSV and then into the array the ' goes right into the SQL statement and looks like

 

`ruat_tsa_last_name` LIKE CONVERT(_utf8 '%O'Dahl%' USING latin1) COLLATE latin1_swedish_ci

 

if I call the mysql_strip function without striping the slashes I get this:

 

`ruat_tsa_last_name` LIKE CONVERT(_utf8 '%O\'Dahl%' USING latin1) COLLATE latin1_swedish_ci

 

if I call the strip slashes after I do the Mysql_strip function I get the same result as the first.

 

No where does it add a second ' in the last name

I have echoed the query using all the different methods, but i can not seem to make it work.

 

if i load the information right from the CSV and then into the array the ' goes right into the SQL statement and looks like

 

`ruat_tsa_last_name` LIKE CONVERT(_utf8 '%O'Dahl%' USING latin1) COLLATE latin1_swedish_ci

 

if I call the mysql_strip function without striping the slashes I get this:

 

`ruat_tsa_last_name` LIKE CONVERT(_utf8 '%O\'Dahl%' USING latin1) COLLATE latin1_swedish_ci

 

if I call the strip slashes after I do the Mysql_strip function I get the same result as the first.

 

No where does it add a second ' in the last name

 

What is the mysql_error that is being returned?

I have echoed the query using all the different methods, but i can not seem to make it work.

 

if i load the information right from the CSV and then into the array the ' goes right into the SQL statement and looks like

 

`ruat_tsa_last_name` LIKE CONVERT(_utf8 '%O'Dahl%' USING latin1) COLLATE latin1_swedish_ci

 

if I call the mysql_strip function without striping the slashes I get this:

 

`ruat_tsa_last_name` LIKE CONVERT(_utf8 '%O\'Dahl%' USING latin1) COLLATE latin1_swedish_ci

 

if I call the strip slashes after I do the Mysql_strip function I get the same result as the first.

 

No where does it add a second ' in the last name

 

You shouldn't need multiple ' unless you're using a Sybase-style DB like SQL Server.  The second query looks right to me unless I'm missing something?


<?php
$tmp_last   = $arr[0];
$tmp_first   = $arr[1];
$link     = mysql_connect("-----", "-----", "-----", "----");
if ( get_magic_quotes_gpc() == 1 ):
   stripslashes($tmp_last);
   stripslashes($tmp_first);
Endif;
$tmp_last   = mysql_real_escape_string($tmp_last, $link);
$tmp_first   = mysql_real_escape_string($tmp_first, $link);

----
$nsql = '(`ruat_tsa_last_name` LIKE CONVERT(_utf8 \'%'.$tmp_last.'%\' USING latin1) COLLATE latin1_swedish_ci ';
$sql .=$nsql;
$nsql = ' AND `ruat_tsa_first_name` LIKE CONVERT(_utf8 \'%'.$tmp_first.'%\' USING latin1) COLLATE latin1_swedish_ci ) ';
$sql .= $nsql;
?>

 

I'm out of my depth here but from reading the topic this seems to be what people have suggested...

If you are getting this data from a file, magic_quotes_runtime being on would escape the data. You can turn magic_quotes_runtime off in your script. Which magic quotes setting where you referring to earlier?

 

And at this point full disclosure would be your best bet to get a quick solution. Post your full code and describe what you mean when you say it is not working.

<?php
SQL = SELECT * 
FROM tbl_nofly_add_list
WHERE (

`ruat_tsa_last_name` LIKE CONVERT( _utf8 '%O\'Dahl%'
USING latin1 ) 
COLLATE latin1_swedish_ci
AND `ruat_tsa_first_name` LIKE CONVERT( _utf8 '%Erick%'
USING latin1 ) 
COLLATE latin1_swedish_ci
)
OR (
`ruat_tsa_first_name` LIKE CONVERT( _utf8 '%O\'Dahl%'
USING latin1 ) 
COLLATE latin1_swedish_ci
AND `ruat_tsa_last_name` LIKE CONVERT( _utf8 '%Erick%'
USING latin1 ) 
COLLATE latin1_swedish_ci
)
OR (
`ruat_tsa_first_name` LIKE CONVERT( _utf8 '%Erick%'
USING latin1 ) 
COLLATE latin1_swedish_ci
AND `ruat_tsa_last_name` LIKE CONVERT( _utf8 '%O\'Dahl%'
USING latin1 ) 
COLLATE latin1_swedish_ci
)
OR (
`ruat_tsa_first_name` LIKE CONVERT( _utf8 '%Erick%'
USING latin1 ) 
COLLATE latin1_swedish_ci
AND `ruat_tsa_last_name` LIKE CONVERT( _utf8 '%O'Dahl % ' USING latin1) COLLATE latin1_swedish_ci ) OR (`ruat_tsa_last_name` LIKE CONVERT(_utf8 ' % Alan O \ 'Dahl%'
USING latin1 ) 
COLLATE latin1_swedish_ci
OR `ruat_tsa_first_name` LIKE CONVERT( _utf8 '%Erick Alan%'
USING latin1 ) 
COLLATE latin1_swedish_ci
)
OR (
`ruat_tsa_first_name` LIKE CONVERT( _utf8 '%Erick Alan%'
USING latin1 ) 
COLLATE latin1_swedish_ci
OR `ruat_tsa_last_name` LIKE CONVERT( _utf8 '%Alan O\'Dahl%'
USING latin1 ) 
COLLATE latin1_swedish_ci
)
ORDER BY ruat_tsa_sid<?php>

And I'm gonna go out on a limb and say that's not the most efficient way of doing it, especially when some combination of PHP settings and string-escaping functions will do what you want it to do.

 

 

I am sure its not the best way of doing what I need to do; however, because of how dynamic this SQL statement has to be i dont know another way of doing it.  If there was I'd gladly do it, if i knew how.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.