PHP-MySQL problem

robertboyle · #1 Jun 13th, 2006, 06:04

Hi,

I have the following code:




$sec = "Répertoires d'objets multimédias";

mysql_query("SELECT * FROM dir WHERE sec=\"$sec\" ORDER BY st ASC",$db);

and it returns 0 rows. When I use another $sec value, one that doesn't contain an apostrophe ('), it returns normal rows. How can I fix that?

Thanks.

Robert

Gee Bee · #2 Jun 13th, 2006, 10:14

$sec = htmlentities("Répertoires d'objets multimédias");

Aug · #3 Jun 15th, 2006, 11:46

The proper way to do this is to espace the '. To do so simply call addslashes.

Code: Select all

$sec = "Répertoires d'objets multimédias";
$sec = addslashes($sec);
mysql_query("SELECT * FROM dir WHERE sec=\"$sec\" ORDER BY st ASC",$db);

Gee Bee · #4 Jun 16th, 2006, 11:11

I think we're both wrong! A beter function would be mysql_real_escape_string(), anyone else with any better ideas?!?!

Aug · #5 Jun 16th, 2006, 13:02

mysql_real_escape_string is better as it uses the mysql connection but it is not necessary unless the input is from the user. However, when using mysql_real_escape_string you have to make sure the value is not numeric.

That is easily done but using the is_numeric function like so:

Code: Select all

if(!is_numeric $variable)
{
    $variable = "'" . mysql_real_escape_string($variable) . "'";
}

But that is only necessary when the input is coming from user and you wish to protect against sql injection.

A.

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
PHP problem in Apache/PHP/MySQL	JohnI	PHP Forum	6	Aug 7th, 2008 10:26
Php/Mysql Image Problem	csun	PHP Forum	11	Oct 27th, 2007 20:12
mySQL - PHP (problem) - XML - Flash	photofx	PHP Forum	3	Jul 27th, 2007 17:43
Mysql syntax problem...	ktsirig	Databases	1	Jan 6th, 2006 15:51
Mysql sorting problem....	mills	Databases	2	Jul 26th, 2005 09:08

		Webforumz.com > Main Forums > Program Your Website > PHP Forum
PHP-MySQL problem