violinrocker Posted February 20, 2011 Share Posted February 20, 2011 i have this code SELECT COUNT(*) as num FROM videos where title=$title and if the title has punctuation marks for example "psssh's psh" it would interpret it like 'SELECT COUNT(*) as num FROM videos where title=psh's psh ' right? and then it shows this error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's psh ORDER by (eno+0) DESC' at line 2 i dont know what to do, i tried changing ' and "... and adding ' and " also... i also need something that with work with other symbols like & / * etc. Quote Link to comment https://forums.phpfreaks.com/topic/228284-question-about-select-___-where/ Share on other sites More sharing options...
Pikachu2000 Posted February 20, 2011 Share Posted February 20, 2011 mysql_real_escape_string Quote Link to comment https://forums.phpfreaks.com/topic/228284-question-about-select-___-where/#findComment-1177160 Share on other sites More sharing options...
Skepsis Posted February 20, 2011 Share Posted February 20, 2011 Also, if $title = mysql_real_escape_string($_POST['title']); doesn't work, you can always addlslashes, $title = addslashes($_POST['title']); This will take care of your error. Quote Link to comment https://forums.phpfreaks.com/topic/228284-question-about-select-___-where/#findComment-1177243 Share on other sites More sharing options...
Pikachu2000 Posted February 20, 2011 Share Posted February 20, 2011 If mysql_real_escape_string() doesn't work, you've probably got bigger problems that should be looked into. addslashes() shouldn't even be an option when a dbms-specific escaping function is available. Quote Link to comment https://forums.phpfreaks.com/topic/228284-question-about-select-___-where/#findComment-1177244 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.