RON_ron Posted March 5, 2013 Share Posted March 5, 2013 my code $query = "SELECT SUM(furnitureA) AS furnitureA FROM items WHERE quantity = '$codeNumber'"; $result = mysql_query($query); $rBf = mysql_fetch_array($result); // ERROR: Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in.... This usually happens whenever there's an apostrophe (') in $codeNumber (E.g. if $codeNumber = jack's154879). How do i overcome this? Quote Link to comment Share on other sites More sharing options...
matthew.javelet Posted March 5, 2013 Share Posted March 5, 2013 (edited) http://php.net/manual/en/function.mysql-real-escape-string.php $codeNumber = mysql_real_escape_string( $codeNumber ); That should fix it right up. Definitely look up the function description so you understand what's going on here. Edited March 5, 2013 by matthew.javelet Quote Link to comment Share on other sites More sharing options...
RON_ron Posted March 5, 2013 Author Share Posted March 5, 2013 Thanks. but now the $codeNumber is red as jack\'s154879? Not outputting the desired results whenever there is an apostrophe (') in the $codeNumber variable.? Quote Link to comment Share on other sites More sharing options...
trq Posted March 5, 2013 Share Posted March 5, 2013 Your doing it wrong then. How are you escaping your data before using it within your queries? Post some code. Quote Link to comment Share on other sites More sharing options...
haku Posted March 5, 2013 Share Posted March 5, 2013 Thanks. but now the $codeNumber is red as jack\'s154879? Not outputting the desired results whenever there is an apostrophe (') in the $codeNumber variable.? Are you seeing that when looking at the code in the database? That's fine, it's supposed to do that. It's escaping the quotes. When you get the data from the database, those slashes will (should?) be removed. Quote Link to comment Share on other sites More sharing options...
Christian F. Posted March 5, 2013 Share Posted March 5, 2013 Actually, haku, the slashes should never make it into the database in the first place. They're only there to escape the single quotes, so that they are read as plain text by the SQL engine. Quote Link to comment Share on other sites More sharing options...
johnsmith153 Posted March 5, 2013 Share Posted March 5, 2013 Check if 'Magic Quotes' are turned on in PHP and also check for any 'addslashes' function use within your code. If Magic Quotes are on then all HTTP request data (e.g. $_POST) will automatically be escaped. If you're using addslashes() then additional escaping is being done there too. The above two methods will actually add the backslashes when storing in the database, unlike the mysql_real_escape_string() method, so I'm guessing you're doing one of those things (hence the backslash you are seeing in the DB). Ensure to just use mysql_real_escape_string() and no other methods of escaping. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.