savithananda Posted October 7, 2014 Share Posted October 7, 2014 Hi , I have a website which uses apostrophe in merchant names (craig's) and Product name (Fresh goat's). If I try click on the search pages using these names with apostrophe then it displays the following error. Error: SELECT * FROM merchant WHERE user_name='Major_Craig's_Chutney' && is_active='1' You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's_Chutney' && is_active='1'' at line 1 I tried to add an apostrophe in php file of merchant search but still it shows up the same error or empty page. can anyone help me on this???? Quote Link to comment https://forums.phpfreaks.com/topic/291486-apostrophe-in-url-not-working/ Share on other sites More sharing options...
cyberRobot Posted October 7, 2014 Share Posted October 7, 2014 Since the single quote appears in the middle of a singled-quoted string, you need to escape the value. How is the query being built? For what it's worth, more information about escaping values in strings can be found here: http://dev.mysql.com/doc/refman/5.0/en/string-literals.html Quote Link to comment https://forums.phpfreaks.com/topic/291486-apostrophe-in-url-not-working/#findComment-1492948 Share on other sites More sharing options...
savithananda Posted October 7, 2014 Author Share Posted October 7, 2014 Hi Guru, Thank you. It works fine in mysql but I am getting problem when the page is loading.In search forms company name passed as parameter in url , that is where I am getting this error. I tried to fix it in search.php file using urlencode but it is not fixed. code used: <?echo urlencode($merchant->company_name);?> Quote Link to comment https://forums.phpfreaks.com/topic/291486-apostrophe-in-url-not-working/#findComment-1492966 Share on other sites More sharing options...
cyberRobot Posted October 7, 2014 Share Posted October 7, 2014 Which database API are you using...MySQL, MySQLi, PDO? Each of these APIs have a way to escape the string for you. MySQL, for example, uses mysql_real_escape_string(): http://php.net/manual/en/function.mysql-real-escape-string.php MySQLi also has a function for escaping strings called mysqli_real_escape_string(). If you are using MySQLi or PDO, you can also use Prepared Statements. Side note: urlencode() isn't meant to escape strings for database use. It is meant to prepare a string to be used in a URL. More information can be found here: http://php.net/manual/en/function.urlencode.php Quote Link to comment https://forums.phpfreaks.com/topic/291486-apostrophe-in-url-not-working/#findComment-1492980 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.