Special Characters in Query?

[chaseman]

The variable includes special characters and I'm wondering if there is a way to still make it work?

 

 

 

 

Since the variable has special characters, I get a SYNTAX error.

 

If I use double quotes inside the SQL command line around the variable in PhpMyAdmin, then it works, that's why I'm wondering how I can achieve a similar effect in PHP? Obviously I'm not able to use double quotes as shown below, and single quotes will give a syntax error. Is there any other way?

 

"SELECT * FROM con WHERE contribution = "$variable"";

[Muddy_Funster]

'SELECT * FROM con WHERE contribution = \''.$variable.'\'';

[fenway]

This is very much a php syntax question -- but use single quotes on the inside, doubles on the outside.

[chaseman]

When I wrote:

 

, and single quotes will give a syntax error. Is there any other way?

 

Then I meant that single quotes INSIDE the query with double quotes OUTSIDE the query are producing a syntax error. Normal inputs will work fine, but as soon as there is an input with special characters I'll get a SQL syntax error.

 

But when I take that SAME input and put it into the SQL command line WITH DOUBLE QUOTES around the characters it will work.

 

 

@muddy,

 

I tried your suggestion and still get a synatx error.

 

EDIT:

One thing I'm wondering is, when I insert the special characters like this:

 

INSERT INTO con (contribution) VALUES ('$variable')

 

Then it works without any errors, but it does produce errors when I do a SELECT query. What is the difference?

[chaseman]

Now I realize why it works with the INSERT INTO, but not with the SELECT,

 

because I used on the INSERT INTO the function mysqli_real_escape_string(), so I did the same with SELECT and now it's working.

 

Special characters are being escaped.

 

Thanks for all the help.