> I'm trying to query the database using a string pulled out of the
database
> and compare and get the id. I can do it to a certain point and what
kills
> my query is single quotes. I CANNOT figure out how to escape it.
>
> I DID THIS:
> $address2 = str_replace("'", "", $address);
>
> that worked on some, but not all.
> $address = stripslashes($store['address']);
> $address = str_replace("'", "", $address);
> $address = htmlspecialchars($address);
> $address = addslashes($address);
>
> anyone
>
> Some errors I have gotten back
> "You have an error in your SQL syntax near 's Linen & Home'' at line
1"
> and
> "You have an error in your SQL syntax near 's 800 number.'' at line 1"
You need to use addslashes() on any string you insert into your query.
---John W. Holmes...
PHP Architect - A monthly magazine for PHP Professionals. Get your copy
today. http://www.phparch.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
