

This topic is now archived and is closed to further replies.

Mr Chris

stripslashes & addslashes


Hi Guys,

Have a question about the above.

I have built a News Story CMS page. On this page I have 2 fields I fill in which I use to match [b]related terms[/b].  So for example I enter one story with the headline:

[b]Man Eats Dog[/b]

Into MySQL database as a record.

Then I go on to enter another story in the database called [b]Dog eats man[/b], and this time I enter in my [b]related terms[/b] for this story the term [b]Dog[/b].

This then searches the headline field for the word dog and the body_text field in the whole table for the word dog (hope you are with me so far  ::)).  Now I do this using this code:

// Terms are interpolated straight into the SQL string, so an apostrophe in a term ends the quoted literal.
$query = "SELECT DISTINCT story_id, headline FROM cms_stories
WHERE (headline LIKE '%$term_one%' OR headline LIKE '%$term_two%' OR body_text LIKE '%$term_one%' OR body_text LIKE '%$term_two%')
AND story_id != $story_id";

// Run the query once (the original ran it twice).
$result = mysql_query($query) OR die(mysql_error());

if (mysql_num_rows($result) == 0) {
    echo ("<DIV ALIGN=\"CENTER\">Sorry, there are no related   

} else {

    while($row = mysql_fetch_assoc($result))  {
        echo " - <a href='story.php?story_id={$row['story_id']}'>


Now on my live site in my related story box I now have a link from [b]Dog Eats Man[/b] to [b]Man eats dog[/b] as the term [b]dog[/b] has been entered as a related term. Fine...


If I was to enter the related term as something like [b]dog's[/b] - i.e. with an apostrophe - my live site throws up a SQL error as it does not like the '

So my question is how do I enter the data. Do I enter the data so that I addslashes - and does this have an effect on searching the headline and body_text field as these fields do not hold slashed data? Or can I just add stripslashes on my live site which will cause the mysql syntax error to not be apparent anymore?

Hope you get what I mean and can help!

Use the function [url=http://www.php.net/mysql_real_escape_string]mysql_real_escape_string()[/url].

Read about it, and pay attention to the examples and notes.
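
The related-stories search from the question with the apostrophe problem removed, as an added example that is not from the thread: it swaps mysql_real_escape_string() for PDO prepared statements, because the mysql_* functions were removed in PHP 7. The in-memory SQLite DSN (needs the pdo_sqlite extension), the sample rows and the helper names like_pattern() and related_stories() are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. In-memory SQLite keeps it offline;
// the sample rows below are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE cms_stories (story_id INTEGER PRIMARY KEY, headline TEXT, body_text TEXT)');

// Stored text is never slashed: placeholders carry values separately from the SQL,
// so no addslashes() on the way in and no stripslashes() on the way out.
$insert = $pdo->prepare('INSERT INTO cms_stories (headline, body_text) VALUES (?, ?)');
$insert->execute(['Man Eats Dog', "The dog's owner was not amused."]);
$insert->execute(['Dog eats man', 'A role reversal.']);
$insert->execute(['100% unrelated', 'Nothing about pets here.']);

// Escape LIKE wildcards so a term such as "100%" is matched literally.
// '!' is the escape character named in the ESCAPE clauses below; it must be
// doubled first so the escapes added for % and _ are not escaped again.
function like_pattern(string $term): string
{
    return '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term) . '%';
}

// Hypothetical helper: same query shape as the question, with bound parameters.
function related_stories(PDO $pdo, int $story_id, string $term_one, string $term_two): array
{
    $sql = "SELECT DISTINCT story_id, headline FROM cms_stories
            WHERE (headline LIKE :h1 ESCAPE '!' OR headline LIKE :h2 ESCAPE '!'
                OR body_text LIKE :b1 ESCAPE '!' OR body_text LIKE :b2 ESCAPE '!')
              AND story_id != :id
            ORDER BY story_id";
    $stmt = $pdo->prepare($sql);
    $stmt->execute([
        ':h1' => like_pattern($term_one), ':h2' => like_pattern($term_two),
        ':b1' => like_pattern($term_one), ':b2' => like_pattern($term_two),
        ':id' => $story_id,
    ]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The apostrophe in the term no longer ends the SQL string literal.
foreach (related_stories($pdo, 2, "dog's", "dog's") as $row) {
    // Headlines are user-entered text, so escape them for HTML on output too.
    printf(" - <a href='story.php?story_id=%d'>%s</a>\n",
        $row['story_id'], htmlspecialchars($row['headline'], ENT_QUOTES));
}
```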
