[SOLVED] MYSQL escaping with backslash

[richardmc85]

Hey people, Ive been playing with a bit of script for a while now, but I cannot get the desired results.

 

Basically, I am trying to work out how many records in my database are of a certain type.

 

The text that I type to put into the database would read this...  12' Vinyl Single

 

I add my slashes and things, so that within phpMyAdmin it reads... 12\' Vinyl Single which is fine so far.

 

Im using this code snippet to search the records and to figure out how many match that type, but I get 0 results. Ive tried to also escape the backslash aswell by having \\\ (one to escape a backslash and the third to escape the apostrophe next), but still no luck.

 

$query = "select * from products where ProductType = '12\' Vinyl Single'";
$result = mysql_query($query); 		
$rows = mysql_num_rows($result);
$vinylsingle12 = $rows;

 

Its probably something stupid, but im pulling my hair out trying to figure it out.

 

If anyone could help me, it would be much appreciated.

[fenway]

This is just a php issue... you're escaping it "too early" so to speak... It's the query that needs it escaped, not the string variable itself.  Usually you can do this with mysql_real_escape_string().

[richardmc85]

Ahhh

 

Thanks for that, I will look into it.

[Wildbug]

Ditto mysql_real_escape_string() usage.

 

But as far as your original snippet, you either needed to be using two backslashes (one to escape the backslash in the string in PHP, then it will be a single backslash when it reaches MySQL), or you could have used two single quotes together: "...ProductType='12'' Vinyl Single'".  To MySQL two single quotes together means to escape it into one.

[richardmc85]

Ive never used mysql_real_escape_string() before, how would I incorporate it into that code snippet?

[richardmc85]

Ah, I figured it out.

 

Thanks anyway for your input guys. Very much appreciated!