vinpkl Posted October 22, 2012 Share Posted October 22, 2012 hi This below is the where clause of my query where s.categoryid = ".mysql_real_escape_string(p.categoryid). " when i echo the query, the output is where s.categoryid = pcategoryid The dot between p and categoryid is removed with mysql_real_escape_string vineet Quote Link to comment Share on other sites More sharing options...
salathe Posted October 22, 2012 Share Posted October 22, 2012 What you are doing is mysql_real_escape_string(p.categoryid) This is trying to concatenate the values of two constants, namely p and categoryid. Since neither of those constants exist in your script, PHP helpfully just takes their name as the string value. So it is concatenating the two strings, "p" and "categoryid", giving the resulting string "pcategoryid". This string is then passed to mysql_real_escape_string() to be escaped, resulting in the escaped string (nothing in this particular string needs to be escaped) of "pcategoryid" which you can see in your output. Now for some resolution; do you need to escape p.categoryid at all? It looks to me like you just want to write the column name directly into the query. where s.categoryid = p.categoryid Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.