> I'm trying to query the database using a string pulled out of the database
> and compare and get the id. I can do it to a certain point and what kills
> my query is single quotes. I CANNOT figure out how to escape it.
>
> I DID THIS:
> $address2 = str_replace("'", "", $address);
>
> that worked on some, but not all.
> $address = stripslashes($store['address']);
> $address = str_replace("'", "", $address);
> $address = htmlspecialchars($address);
> $address = addslashes($address);
>
> anyone
>
> Some errors I have gotten back
> "You have an error in your SQL syntax near 's Linen & Home'' at line 1"
> and
> "You have an error in your SQL syntax near 's 800 number.'' at line 1"

You need to use addslashes() on any string you insert into your query.

---John W. Holmes...
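
An added example, not part of the original thread or written by either poster: the id lookup from the question done with a PDO prepared statement, next to the cleanup chain the question tried, to show that the chain changes the string so it no longer matches the stored row. It assumes PHP with the pdo_sqlite extension; the `stores` table, the function names `findId` and `cleanupFromQuestion`, and the sample addresses are constructed for illustration.

```php
<?php
// Added example, not from the thread. Assumes PHP with the pdo_sqlite
// extension; the stores table and its rows are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE stores (id INTEGER PRIMARY KEY, address TEXT)');

$insert = $pdo->prepare('INSERT INTO stores (address) VALUES (?)');
foreach (["Pat's Linen & Home", "Call the store's 800 number.", '12 Main St'] as $a) {
    $insert->execute([$a]);
}

// Look up an id by address with a bound parameter: the value travels
// separately from the SQL text, so quotes in it cannot break the syntax.
function findId(PDO $pdo, string $address): ?int
{
    $stmt = $pdo->prepare('SELECT id FROM stores WHERE address = ?');
    $stmt->execute([$address]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

// The cleanup chain from the question: it removes the quote and turns
// "&" into "&amp;", so the result no longer equals the stored string.
function cleanupFromQuestion(string $address): string
{
    $address = stripslashes($address);
    $address = str_replace("'", "", $address);
    $address = htmlspecialchars($address);
    return addslashes($address);
}

// Read each stored address back and search for it both ways.
foreach ($pdo->query('SELECT address FROM stores')->fetchAll(PDO::FETCH_COLUMN) as $address) {
    $bound   = findId($pdo, $address);
    $cleaned = findId($pdo, cleanupFromQuestion($address));
    printf("%-30s bound=%s cleaned=%s\n", $address,
        var_export($bound, true), var_export($cleaned, true));
}
```

Rows whose address contains a quote or an ampersand are found only through the bound parameter; the cleaned string matches only where the chain happened to leave the value unchanged.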