Addslashes help?

Mr Chris · May 3, 2007

Hi Guys,

In my system I'm creating I am entering a term in my table for a record and then seaching the rest of the database for a similar term.

So for example if I entered the term John Jones

It searches the database for all other instances of this word.

Now this works great apart from one thing. If I entered John Jone's (apostrophe) as my related term it throws up an SQL error:

Now I thought I would be able to solve this using addslashes, but I still get the same problem?

Any ideas?

Thanks

<? 
$query = "SELECT DISTINCT story_id, headline FROM cms_stories 
WHERE 
(headline LIKE '%$related_term_one%' OR headline LIKE '%$related_term_two%' 
OR body_text LIKE '%$related_term_one%' 
OR body_text LIKE '%$related_term_two%') 
AND story_id != $story_id ORDER BY story_id  DESC LIMIT 5"; 

$result = mysql_query($query) OR die(mysql_error());
    
$defineResults = mysql_num_rows($result);

if ($defineResults == 0) { 
    echo ("<DIV ALIGN=\"CENTER\"><strong><font size='1' face='Verdana, Arial, Helvetica, sans-serif'>Sorry, there are no related      
    stories</font></div>"); 

} else { 

    while($row = mysql_fetch_assoc($result))   { 
        echo " <img src='../images/story_images/dot.jpg' width='10' height='10' align='absbottom' /><strong><font size='1' face='Verdana, Arial, Helvetica, sans-serif'><a href='story.php?story_id={$row[story_id]}'> 
        " . addslashes($row['headline']) . "</a></font></strong><br />"; 	
    } 

} 
?>

DaveEverFade · May 3, 2007

try mysql_real_escape_string() should do it I think....

Oh, and you need to do that before you run the query ie

<? 
$query = "SELECT DISTINCT story_id, headline FROM cms_stories 
WHERE 
(headline LIKE '%$related_term_one%' OR headline LIKE '%$related_term_two%' 
OR body_text LIKE '%$related_term_one%' 
OR body_text LIKE '%$related_term_two%') 
AND story_id != $story_id ORDER BY story_id  DESC LIMIT 5"; 

$query=mysql_real_escape_string($query);

$result = mysql_query($query) OR die(mysql_error());
............

Mr Chris · May 3, 2007

Thanks,

But that simply generates the same error with / in it?

DaveEverFade · May 3, 2007

Can you post the error please?

Mr Chris · May 3, 2007

Yep,

Thank You

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\r\nWHERE \r\n(headline LIKE \'%%\' OR headline LIKE \'%%\' \r\nOR body_text LIK' at line 1

Using...

<? 
$query = "SELECT DISTINCT story_id, headline FROM cms_stories 
WHERE 
(headline LIKE '%$related_term_one%' OR headline LIKE '%$related_term_two%' 
OR body_text LIKE '%$related_term_one%' 
OR body_text LIKE '%$related_term_two%') 
AND story_id != $story_id ORDER BY story_id  DESC LIMIT 5"; 

$query=mysql_real_escape_string($query);

$result = mysql_query($query) OR die(mysql_error());
    
$defineResults = mysql_num_rows($result);

if ($defineResults == 0) { 
    echo ("<DIV ALIGN=\"CENTER\"><strong><font size='1' face='Verdana, Arial, Helvetica, sans-serif'>Sorry, there are no related      
    stories</font></div>"); 

} else { 

    while($row = mysql_fetch_assoc($result))   { 
        echo " <img src='../images/story_images/dot.jpg' width='10' height='10' align='absbottom' /><strong><font size='1' face='Verdana, Arial, Helvetica, sans-serif'><a href='story.php?story_id={$row[story_id]}'> 
        {$row['headline']}</a></font></strong><br />"; 	
    } 

} 
?>

Sign In

Addslashes help?

Recommended Posts

Mr Chris

Link to comment

Share on other sites

DaveEverFade

Link to comment

Share on other sites

Mr Chris

Link to comment

Share on other sites

DaveEverFade

Link to comment

Share on other sites

Mr Chris

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information