jwer78 Posted December 5, 2007 Share Posted December 5, 2007 Ok I have this script that is used to bid on players for a football league I run. Some players names have punctuation in them. If I echo the query it is correct and I am able to run it via sqlyog but it does not work in the script. Any help would be greatly appreciated. Here is the part I am having problems with. $bthousand=$_POST["bthousand"]; $bmillion=$_POST["bmillion"]; $thousand=$_POST["thousand"]; $million=$_POST["million"]; $years=$_POST["years"]; $teamname=$_POST["teamname"]; $pass=$_POST["password"]; $player=$_POST["player"]; $position=$_POST["position"]; $ip=$_SERVER['REMOTE_ADDR']; $today = date("F j, Y, g:i a"); $id=0; //$player=ereg_replace("'","\'",$player); // CONNECT TO DATABASE $db = @mysql_connect($host,$user,$password) or die("<html><head><body bgcolor=$bgcolor alink=$bglinkcolor vlink=$bglinkcolor link=$bglinkcolor>User Error!</body></html>"); @mysql_select_db($database,$db) or die("<html><head><body bgcolor=$bgcolor alink=$bglinkcolor vlink=$bglinkcolor link=$bglinkcolor>Database Error!</body></html>"); //$player=stripslashes($player); $sql_query = "SELECT * FROM madcat_players where name='$player' and pos='$position'"; $result= mysql_query($sql_query); //echo $sql_query . "<br>\n"; $array= mysql_fetch_array($result); $id = $array["id"]; if ($id > '0'){ $sql_query= "Select * from madcat_yearly_player_info where id='$id' order by year desc limit 1"; $result=mysql_query($sql_query); //echo $sql_query . "<br>\n"; $array=mysql_fetch_array($result); $overall=$array["ovr"]; } else{ die("No such player found. Try again. Player is $player and position is $position"); } You will see I have tried to replace the punctuation and stripslashes but nothing has made this work. It does work fine for any player name that has no punctuation in it. Thanks again. Quote Link to comment Share on other sites More sharing options...
aschk Posted December 5, 2007 Share Posted December 5, 2007 Try using mysql_real_escape_string() instead of doing your own substitution. Quote Link to comment Share on other sites More sharing options...
jaymc Posted December 5, 2007 Share Posted December 5, 2007 do $sql_query = "SELECT * FROM madcat_players where name='$player' and pos='$position'"; echo $sql_query; And paste us what you seen on screen for sql_query Paste on eresult with strip slashes and one without Quote Link to comment Share on other sites More sharing options...
jwer78 Posted December 5, 2007 Author Share Posted December 5, 2007 Ok so ereg_replace active on both. With stripslashes = SELECT * FROM madcat_players where name=' D'Wayne Matthews' and pos='LT' Without = SELECT * FROM madcat_players where name=' D\'Wayne Matthews' and pos='LT' Thanks again Quote Link to comment Share on other sites More sharing options...
matstuff Posted December 5, 2007 Share Posted December 5, 2007 Hi, When you say it works in SQLyog, does it return a row, or does it just run with zero results? If you echo the SQL, copy and paste that to SQLyok and then run that, does it still work?! Your SQL isn't very efficient. You could achieve the same thing in one SELECT... SELECT madcat_yearly_player_info.*, madcat_players.name AS playerName FROM madcat_players INNER JOIN madcat_yearly_player_info USING(id) WHERE playerName='splodge'; Or something like that anyway...! Anyway, you can't strip the slashes!! As your example just showed, SELECT ... WHERE name='D'Wayne Matthews' That's just not going to work! The string is terminated after the 'D' by the second single quote. You could try enclosing it in double quotes... $sql_query = sprintf("SELECT * FROM madcat_players WHERE name = \"%s\" AND pos = \"%s\"", $player, $position) Quote Link to comment Share on other sites More sharing options...
jwer78 Posted December 5, 2007 Author Share Posted December 5, 2007 Yes it works in sqlyog, it actually works with or without the slash I gave sprintf a try and it still did not work. Quote Link to comment Share on other sites More sharing options...
jaymc Posted December 5, 2007 Share Posted December 5, 2007 I dont see how this isnt working, its perfectly fine Try SELECT * FROM `madcat_players` WHERE `name` = ' D\'Wayne Matthews' AND `pos` = 'LT' Sometimes its wierd like that! Quote Link to comment Share on other sites More sharing options...
aschk Posted December 5, 2007 Share Posted December 5, 2007 Errr.... why are you using double quotes (") in your SQL statement? Quote Link to comment Share on other sites More sharing options...
jaymc Posted December 5, 2007 Share Posted December 5, 2007 He isn't, that was another dudes example However, it doesnt matter anyway.. Single or double are fine, providing are slashed out if variable uses the same Quote Link to comment Share on other sites More sharing options...
matstuff Posted December 5, 2007 Share Posted December 5, 2007 Can you use the MySQL prompt directly? SELECT * FROM madcat_players where name=' D'Wayne Matthews' and pos='LT' That should not work! The number of single quotes is not matched. SQLyog must be doing something to that statement. I just tried running the command: SELECT psnId, psnName FROM people WHERE psnName = 'M'at' and MySQL was having none of it... I agree with jaymc - ' D\'Wayne Matthews' should work... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.