Mr Chris Posted October 9, 2006 Share Posted October 9, 2006 Hi Guys,Have a question about the above.I have built a News Story CMS page. On this page I have 2 fields I fill in which I use to match [b]related terms[/b]. So for example I enter one story with the headline:[b]Man Eats Dog[/b] Into MySQL database as a record.Then I go onto enter another story in the database called [b]Dog eats man[/b], and this time I enter in my [b]related terms[/b] for this story the term [b]Dog[/b]This then searches the headline field for the word dog and the body_text field in the whole table for the word dog (hope you are with me so far ::)). Now I do this using this code:[code=php:0]<? $query = "SELECT DISTINCT story_id, headline FROM cms_stories WHERE (headline LIKE '%$term_one%' OR headline LIKE '%$term_two%' OR body_text LIKE '%$term_one%' OR body_text LIKE '%$term_two%') AND story_id != $story_id"; $result = mysql_query($query) OR die(mysql_error()); $result = mysql_query($query) OR die(mysql_error()); if (mysql_num_rows($result) == 0) { echo ("<DIV ALIGN=\"CENTER\">Sorry, there are no related stories</div>"); } else { while($row = mysql_fetch_assoc($result)) { echo " - <a href='story.php?story_id={$row[story_id]}'> {$row[headline]}</a><p></p>"; } }?>[/code]Now on my live site in my related story box I now have a link from [b]Dog Eats Man[/b] to [b]Man eats dog[/b] as the term [b]dog[/b] has been entered as a related term. Fine......ButIs I was to enter the related term as something like [b]dog's[/b] - ie with an apostophe my live site throws up a SQL error as it does not like the 'So my question is how do I enter the data. Do I enter the data so that I addslashes - and does this has an effect on searching the headline and body_text field as these fields do not hold slashed data? Or can I just add stripslashes on my live site which will cause the mysql syntax error to not be apparent anymore?Hope you get what I mean and can help!ThanksChrisThanksChris Quote Link to comment Share on other sites More sharing options...
Orio Posted October 9, 2006 Share Posted October 9, 2006 Use the function [url=http://www.php.net/mysql_real_escape_string]mysql_real_escape_string()[/url].Read about it, and pay attention to the examples and notes.Orio. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.