
Hi,

 

I have a website which uses apostrophes in merchant names (craig's) and product names (Fresh goat's).

If I try to click on the search pages using these names with an apostrophe, it displays the following error.

 

Error: SELECT * FROM merchant WHERE user_name='Major_Craig's_Chutney' && is_active='1'

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's_Chutney' && is_active='1'' at line 1

 

I tried to add an apostrophe in the PHP file of the merchant search, but it still shows the same error or an empty page.

 

Can anyone help me with this?


Since the single quote appears in the middle of a single-quoted string, you need to escape the value. How is the query being built?

 

For what it's worth, more information about escaping values in strings can be found here:

http://dev.mysql.com/doc/refman/5.0/en/string-literals.html

Hi Guru,

 

Thank you. It works fine in MySQL, but I am getting a problem when the page is loading. In the search forms, the company name is passed as a parameter in the URL; that is where I am getting this error. I tried to fix it in the search.php file using urlencode, but it is not fixed.

 

Code used: <?php echo urlencode($merchant->company_name); ?>

Which database API are you using: MySQL, MySQLi, or PDO? Each of these APIs has a way to escape the string for you. MySQL, for example, uses mysql_real_escape_string():

http://php.net/manual/en/function.mysql-real-escape-string.php

 

MySQLi also has a function for escaping strings called mysqli_real_escape_string(). If you are using MySQLi or PDO, you can also use Prepared Statements.

 

 

Side note: urlencode() isn't meant to escape strings for database use. It is meant to prepare a string to be used in a URL. More information can be found here:

http://php.net/manual/en/function.urlencode.php
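
The split the reply above describes (urlencode() for the link, a prepared statement for the query), as an added example that is not part of the original thread. It assumes PDO; the search.php link, the "merchant" parameter name, the findActiveMerchant() helper and the table contents are constructed, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL server; the
// prepare()/execute() calls are the same with a "mysql:" DSN.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE merchant (user_name TEXT, is_active TEXT)");
$pdo->exec("INSERT INTO merchant VALUES ('Major_Craig''s_Chutney', '1')"); // constructed row

// 1. Building the link: urlencode() makes the name safe for the URL only.
$name = "Major_Craig's_Chutney";
$link = 'search.php?merchant=' . urlencode($name); // hypothetical parameter name
echo $link, "\n";

// 2. Receiving the request: PHP decodes the query string before filling
//    $_GET, so the apostrophe is back by the time the query is built.
parse_str(parse_url($link, PHP_URL_QUERY), $get); // simulates $_GET
$userName = $get['merchant'];

// 3a. Concatenating the value into the SQL text reproduces the syntax
//     error from the first post: the apostrophe ends the string literal.
try {
    $pdo->query("SELECT * FROM merchant WHERE user_name='$userName' AND is_active='1'");
} catch (PDOException $e) {
    echo "Concatenated query failed: ", $e->getMessage(), "\n";
}

// 3b. Prepared statement: the value is bound as a parameter and is never
//     parsed as SQL, so no manual escaping is needed.
function findActiveMerchant(PDO $pdo, string $userName): ?array
{
    $stmt = $pdo->prepare(
        'SELECT * FROM merchant WHERE user_name = ? AND is_active = ?'
    );
    $stmt->execute([$userName, '1']);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$row = findActiveMerchant($pdo, $userName);
echo $row === null ? "No match\n" : "Found: {$row['user_name']}\n";
```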
