
[SOLVED] stripslashes in mysql Issue


deecee2000

I have the following string data in MySQL.

 

Field Name  = data

Value $text_in_db  = "Mark\'s Shop";

$text_to_search  = "Mark's Shop";

 

I need to check whether this record exists in database or not. I did,

 

$sql = "SELECT * FROM user where data = '".$text_to_search."' " ;

 

I also tried below query

$sql = "SELECT * FROM user where data = '".stripslashes($text_to_search)."' " ;

 

But neither works: the first query gives a syntax error, and the second gives no error but does not return that record.

 

So how do I get the result from the DB?

 

In the php.ini settings:

magic_quotes_gpc = On

 

Thanks in advance.

If the value itself in the database has a backslash before the single quote, it means it was inserted with two sets of escaping slashes - and the slash is technically a real character. To search against the database and grab that value, you'll want to run addslashes() against the value (since magic_quotes has already applied the first set of escaping slashes).


Edit: Similar/same to above ^^^

 

If you see the \ characters when you look directly in your database, that means that your data was double escaped and attempting to search for something would also require that you double escape what you are putting into $text_to_search.

 

It is best to fix your code so that the data is escaped properly (the \ characters are only in the query, not in the actual database.) You can then search for something and it will work as expected by escaping what is in $text_to_search only once.

 

 

Thanks for the replies.

 

I was under the impression that if we use addslashes it will add an extra "\" for the quote.

i.e.

 

$text = "O' Really";

$text = addslashes("O' Really"); will become "O\' Really". Is it correct?

 

Now if we already have O\' Really in the DB, then why do we need to apply addslashes a second time?

If we need to use addslashes, then what is the use of stripslashes?

 

BTW: mikesta707: Your option did not work either.

 

Thanks,

Thanks for the replies.

 

I was under the impression that if we use addslashes it will add an extra "\" for the quote.

i.e.

 

$text = "O' Really";

$text = addslashes("O' Really"); will become "O\' Really". Is it correct?

 

That's correct, except when magic_quotes_gpc() is on, this has already been done to your data. You are obviously doing it a second time when you run addslashes() on your data prior to inserting it, and so all those backslashes end up being double-escaped:

 

// say O'Reilly was submitted via the form
echo $_POST['data']; // echoes "O\'Reilly"
echo addslashes($_POST['data']); // echoes "O\\\'Reilly"

 

You seem to be inserting the second one into your database, and so actual backslashes (rather than simply escaping ones) are being inserted. To correctly match the string to the database, you will need to run addslashes() twice.

 

As pfmabismad says, the ideal solution is to fix the code that inserts the data in the first place so that only one set of escaping slashes has been added.
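
The fix suggested in the replies, shown end to end as an added example that is not part of the original thread: it reproduces the stored `Mark\'s Shop` row, repairs it once, and searches with a bound parameter instead of building the SQL string by concatenation. It assumes PDO with an in-memory SQLite database so it runs offline, simulates `magic_quotes_gpc = On` with `addslashes()`, and `findByData()` is a hypothetical helper; only the `user` table and `data` column come from the thread.

```php
<?php
// Added example, not code from the thread. In-memory SQLite via PDO is an
// assumption made so the script runs without a MySQL server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, data TEXT)');

// Constructed input: what the form sent, and what magic_quotes_gpc = On
// would have put in $_POST (one layer of slashes already added).
$submitted = "Mark's Shop";
$fromPost  = addslashes($submitted);

// Reproduce the state described in the thread: the stored value contains a
// literal backslash because an escaped string was saved as data.
$insert = $pdo->prepare('INSERT INTO user (data) VALUES (?)');
$insert->execute([$fromPost]);

// Hypothetical helper: the value is bound, never spliced into the SQL text,
// so a quote in it cannot cause a syntax error or change the query.
function findByData(PDO $pdo, string $value): array
{
    $stmt = $pdo->prepare('SELECT id, data FROM user WHERE data = ?');
    $stmt->execute([$value]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Before the repair the plain string finds nothing: the row still holds
// the extra backslash.
echo "before repair: ", count(findByData($pdo, $submitted)), " row(s)\n";

// One-time repair of rows known to be double-escaped. Restrict this to the
// affected rows in real data: stripslashes() also removes backslashes that
// were meant to be there.
$rows   = $pdo->query('SELECT id, data FROM user')->fetchAll(PDO::FETCH_ASSOC);
$update = $pdo->prepare('UPDATE user SET data = ? WHERE id = ?');
foreach ($rows as $row) {
    $update->execute([stripslashes($row['data']), $row['id']]);
}

// Request input: undo the magic-quotes layer exactly once at the boundary,
// then bind it. No addslashes() call is needed anywhere.
$clean = stripslashes($fromPost);
echo "after repair:  ", count(findByData($pdo, $clean)), " row(s)\n";
```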
