[PHP-DB] SELECT with ' in search term

2010-08-12 Thread Ron Piggott
If the variable $segment has an ' in it the $query won't work because of
having 3 ' 's.

Should I be using:

$segment = mysql_real_escape_string($segment);

before querying the database?

$query = "SELECT `reference` FROM `bible_concordance_words` WHERE `word` = '$segment' LIMIT 1";

Please note:  $segment wasn't submitted through a form.

Thanks.

Ron


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP-DB] SELECT with ' in search term

2010-08-12 Thread Chris

On 13/08/10 13:26, Ron Piggott wrote:

> If the variable $segment has an ' in it the $query won't work because of
> having 3 ' 's.
>
> Should I be using:
>
> $segment = mysql_real_escape_string($segment);
>
> before querying the database?


Use it in your query. Don't use it anywhere else. Your code may use it 
after the query and cause weird stuff, a la:


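$segment = 'this is my segment';
$segment = mysql_real_escape_string($segment);  // overwrites the original value
$query   = "...";  // query using $segment (text not preserved)

// $segment now holds the SQL-escaped copy, so that is what gets printed
echo 'My segment name is ' . htmlspecialchars($segment);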

So it'll become:

$query = "SELECT `reference` FROM `bible_concordance_words` WHERE `word` = '"
       . mysql_real_escape_string($segment) . "' LIMIT 1";



> Please note:  $segment wasn't submitted through a form.


Doesn't matter.

--
Postgresql & php tutorials
http://www.designmagick.com/
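
The advice in the reply above, as an added example that is not part of the original thread: the value is handled for SQL only at the query and `$segment` itself is never overwritten, so later HTML output stays clean. It uses a PDO prepared statement in place of `mysql_real_escape_string()` (the `mysql_*` extension was removed in PHP 7.0). Assumptions: the in-memory SQLite database, the sample row, the `find_reference()` helper and the use of `addslashes()` as a stand-in for the escaped copy are all constructed for illustration.

```php
<?php
// Added example. Table and column names come from the thread; the SQLite
// database, the sample row and find_reference() are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE bible_concordance_words (word TEXT, reference TEXT)');
$db->exec("INSERT INTO bible_concordance_words VALUES ('God''s', 'constructed-ref-1')");

function find_reference(PDO $db, string $segment): ?string
{
    // The value is bound as a parameter, so an apostrophe in it never
    // becomes part of the SQL text and the caller's variable is untouched.
    // This applies whether or not the value came from a form.
    $stmt = $db->prepare(
        'SELECT reference FROM bible_concordance_words WHERE word = ? LIMIT 1'
    );
    $stmt->execute([$segment]);
    $reference = $stmt->fetchColumn();
    return $reference === false ? null : $reference;
}

$segment   = "God's";   // search term containing a single quote
$reference = find_reference($db, $segment);

// Pitfall from the reply: an SQL-escaped copy assigned back over the
// original leaks the escape character into later output. addslashes()
// stands in for mysql_real_escape_string(), which needs a live MySQL link.
$overwritten = addslashes($segment);

echo 'Reference:   ' . htmlspecialchars((string) $reference, ENT_QUOTES) . "\n";
echo 'Unmodified:  ' . htmlspecialchars($segment, ENT_QUOTES) . "\n";
echo 'Overwritten: ' . htmlspecialchars($overwritten, ENT_QUOTES) . "\n";
```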

