violinrocker
Posted February 20, 2011

I have this code:

SELECT COUNT(*) as num FROM videos where title=$title

and if the title has punctuation marks, for example "psssh's psh", it would interpret it like

'SELECT COUNT(*) as num FROM videos where title=psh's psh '

right? And then it shows this error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's psh ORDER by (eno+0) DESC' at line 2

I don't know what to do. I tried changing ' and "... and adding ' and " also... I also need something that will work with other symbols like & / * etc.

Pikachu2000
Posted February 20, 2011

mysql_real_escape_string

Skepsis
Posted February 20, 2011

Also, if

$title = mysql_real_escape_string($_POST['title']);

doesn't work, you can always addslashes:

$title = addslashes($_POST['title']);

This will take care of your error.

Pikachu2000
Posted February 20, 2011

If mysql_real_escape_string() doesn't work, you've probably got bigger problems that should be looked into. addslashes() shouldn't even be an option when a dbms-specific escaping function is available.
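
The failure discussed in this thread next to a parameterized alternative, as an added example that is not part of any poster's reply. It uses a PDO prepared statement instead of the escaping functions named above; the in-memory SQLite database (assumes the pdo_sqlite extension), the sample rows and the function names are constructed for illustration and stand in for the poster's MySQL table.

```php
<?php
// Added example: constructed table and rows; SQLite in memory stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE videos (eno INTEGER, title TEXT)');

$insert = $db->prepare('INSERT INTO videos (eno, title) VALUES (?, ?)');
foreach ([[1, "psssh's psh"], [2, "psssh's psh"], [3, 'rock & roll / pt. 2 *live*']] as $row) {
    $insert->execute($row);
}

// "Before": the thread's query shape, with the title pasted into the SQL text.
// Returns null when the database rejects the statement.
function countInterpolated(PDO $db, string $title): ?int
{
    try {
        $sql = "SELECT COUNT(*) AS num FROM videos WHERE title=$title";
        return (int) $db->query($sql)->fetchColumn();
    } catch (PDOException $e) {
        return null; // the title's characters were parsed as SQL and broke the statement
    }
}

// "After": the title is bound to a placeholder, so quotes and symbols in it
// are treated as data and the SQL text never changes.
function countBound(PDO $db, string $title): int
{
    $stmt = $db->prepare('SELECT COUNT(*) AS num FROM videos WHERE title = :title');
    $stmt->execute([':title' => $title]);
    return (int) $stmt->fetchColumn();
}

// Constructed titles: an apostrophe, the other symbols from the question, and a miss.
foreach (["psssh's psh", 'rock & roll / pt. 2 *live*', 'no such title'] as $title) {
    $before = countInterpolated($db, $title);
    printf(
        "%-28s interpolated=%s bound=%d\n",
        $title,
        $before === null ? 'SQL error' : (string) $before,
        countBound($db, $title)
    );
}
```

The interpolated query in the question also has no quotes around $title, so an escaping function alone would still leave the value outside a string literal; the bound form avoids both problems.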
This topic is now archived and is closed to further replies.