On Thu, 9 Jun 2005, Ron Piggott wrote:

I created a PHP based mailing list that sends out a Bible verse and a
quotation each day. Today's verses were:

[snip]

Let me show you some code:


It selects a Bible verse:
SELECT * FROM bible ORDER BY RAND() LIMIT 1

On a side note, this is going to be expensive... there was a long thread on this just recently, but at the very least do:

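$result = mysql_query("SELECT COUNT(*) FROM bible");
$value_from_query = mysql_result($result, 0);
// OFFSET is zero-based, so the largest valid offset is the row count minus one
$random_record = rand(0, $value_from_query - 1);
$result = mysql_query("SELECT * FROM bible LIMIT 1 OFFSET $random_record");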


Then it puts the text into variables:
$bible_verse_ref=mysql_result($result,$i,"bible_verse_ref");
$bible_verse_text=mysql_result($result,$i,"bible_verse_text");
$bible_verse_translation=mysql_result($result,$i,"bible_verse_translation");

Then immediately following this is the UPDATE that didn't work:
UPDATE `bible` SET `current_verse_of_the_day` = '1' WHERE `bible_verse_ref`
LIKE '$bible_verse_ref' AND `bible_verse_text` LIKE '$bible_verse_text' AND
`bible_verse_translation` LIKE '$bible_verse_translation' AND
`current_verse_of_the_day` LIKE '0' LIMIT 1

Where there are no ' or " this piece of code works just fine.  I am
essentially retrieving a Bible verse from the table and then immediately
searching for it to change the 'current_verse_of_the_day' to change from 0
to 1.  I have manually made the change for today and the
current_verse_of_the_day value was 0.  Similar code is used for the
quotation --- but there is no need for me to repeat it here.

Any ideas how I am able to get the use of ' or " to work on this page?

http://us4.php.net/manual/en/function.mysql-real-escape-string.php

Escapes special characters in the unescaped_string, taking into account the current character set of the connection so that it is safe to place it in a mysql_query(). If binary data is to be inserted, this function must be used.

mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a.

This function must always (with few exceptions) be used to make data safe before sending a query to MySQL.

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
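
The failure and the fix discussed in this thread, as an added example that is not part of the original messages. It assumes PDO with an in-memory SQLite database in place of the thread's mysql_* functions and MySQL server, uses bound parameters instead of mysql_real_escape_string(), compares with = instead of LIKE, and the sample row is constructed.

```php
<?php
// Added example: in-memory SQLite stands in for the poster's MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE bible (
    bible_verse_ref TEXT, bible_verse_text TEXT,
    bible_verse_translation TEXT, current_verse_of_the_day INTEGER DEFAULT 0)');

// Constructed sample row whose text contains both ' and ".
$ins = $db->prepare('INSERT INTO bible
    (bible_verse_ref, bible_verse_text, bible_verse_translation) VALUES (?, ?, ?)');
$ins->execute(['Sample 1:1', 'He said, "It\'s a constructed sample line."', 'SAMPLE']);

$row = $db->query('SELECT * FROM bible LIMIT 1')->fetch(PDO::FETCH_ASSOC);

// 1) Interpolating the fetched text into the statement: the apostrophe in the
//    data closes the SQL string literal early and the statement no longer parses.
$sql = "UPDATE bible SET current_verse_of_the_day = 1
        WHERE bible_verse_text = '{$row['bible_verse_text']}'";
try {
    $db->exec($sql);
    echo "interpolated: ok\n";
} catch (PDOException $e) {
    echo "interpolated: failed (", $e->getMessage(), ")\n";
}

// 2) Bound parameters: the values travel separately from the SQL text,
//    so quote characters in the data cannot change the statement.
$upd = $db->prepare('UPDATE bible SET current_verse_of_the_day = 1
    WHERE bible_verse_ref = :ref AND bible_verse_text = :text
      AND bible_verse_translation = :tr AND current_verse_of_the_day = 0');
$upd->execute([
    ':ref'  => $row['bible_verse_ref'],
    ':text' => $row['bible_verse_text'],
    ':tr'   => $row['bible_verse_translation'],
]);
echo "bound: ", $upd->rowCount(), " row(s) updated\n";
```

If LIKE is kept for the comparison, % and _ in the data still act as wildcards; neither bound parameters nor mysql_real_escape_string() change that.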
