Mysql_Real_Escape_String Removes Dot

[vinpkl]

hi

 

This below is the where clause of my query

 

where s.categoryid = ".mysql_real_escape_string(p.categoryid). "

 

when i echo the query, the output is

 

where s.categoryid = pcategoryid

 

The dot between p and categoryid is removed with mysql_real_escape_string

 

vineet

[salathe]

What you are doing is mysql_real_escape_string(p.categoryid)

 

This is trying to concatenate the values of two constants, namely p and categoryid. Since neither of those constants exist in your script, PHP helpfully just takes their name as the string value. So it is concatenating the two strings, "p" and "categoryid", giving the resulting string "pcategoryid". This string is then passed to mysql_real_escape_string() to be escaped, resulting in the escaped string (nothing in this particular string needs to be escaped) of "pcategoryid" which you can see in your output.

 

Now for some resolution; do you need to escape p.categoryid at all? It looks to me like you just want to write the column name directly into the query.

 

where s.categoryid = p.categoryid