SELECT with ' in search term

If the variable $segment has an ' in it the $query won't work because of
having 3 ' 's.

Should I be using:

$segment = mysql_real_escape_string($segment);

before querying the database?

$query="SELECT `reference` FROM `bible_concordance_words` WHERE `word` =
'$segment' LIMIT 1";

Please note: $segment wasn't submitted through a form.

Thanks.

Ron


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
ron.piggott [ Fr, 13 August 2010 05:26 ] [ ID #2046004 ]

Re: SELECT with ' in search term

On 13/08/10 13:26, Ron Piggott wrote:
> If the variable $segment has an ' in it the $query won't work because of
> having 3 ' 's.
>
> Should I be using:
>
> $segment = mysql_real_escape_string($segment);
>
> before querying the database?

Use it in your query. Don't use it anywhere else. Your code may use it
after the query and cause weird stuff, ala:

$segment = 'this is my segment';
$segment = mysql_real_escape_string($segment);
$query = ....;

echo 'My segment name is ' . htmlspecialchars($segment);

So it'll become:

$query="SELECT `reference` FROM `bible_concordance_words` WHERE `word` =
'" . mysql_real_escape_string($segment) . "' LIMIT 1";


> Please note: $segment wasn't submitted through a form.

Doesn't matter.

--
Postgresql & php tutorials
http://www.designmagick.com/


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
dmagick [ Fr, 13 August 2010 05:42 ] [ ID #2046005 ]
PHP » gmane.comp.php.database » SELECT with ' in search term

Vorheriges Thema: how to explain such a regular syntax
Nächstes Thema: Unable to connect to mysql database

[ Startseite ] [ Administrator ] [ Suche ] [ Hinweise ] [ Impressum ]

Powered by FudForum