0

i'm not getting any results for the query. I'm sure it has something to do with the apostrophe and back slashes

$search = "q test'yes";
$search = mysql_real_escape_string($search);
mysql_query("SELECT * FROM block WHERE name LIKE '%$search%' ORDER BY `id` DESC",$this->connect);

When i echo it out i get this

SELECT * FROM block WHERE name LIKE '%q test\\\'yes%' ORDER BY `id` DESC

is there a solution to this without turning off magic quotes?

5
Contributors
11
Replies
13
Views
6 Years
Discussion Span
Last Post by urtrivedi
0

try this

SELECT * FROM block WHERE name LIKE '%q test''yes%' ORDER BY id DESC

$search = "q test'yes";

typing out the search term manually won't solve the problem. if the user uses an apostrophe when searching it should fetch results.

0

If magic quotes are on then you don't need to use mysql_real_escape_string() to escape apostrophe. What actually is saved in the database? Is it q test"yes or q test\"yes?

0

if you are going to use mysql_real_escape_string() , then stripslahses() first since magic_quotes are enabled - ex:

$search = "q test'yes";
$search = mysql_real_escape_string( stripslashes($search) );
mysql_query("SELECT * FROM block WHERE name LIKE '%$search%' ORDER BY `id` DESC",$this->connect);
0
$search = "q test'1";

$search = mysql_real_escape_string($search);

mysql_query("SELECT * FROM test WHERE name='$search' ORDER BY `id` DESC LIMIT 1",$this->connect);

when i echo my select query i get this.

SELECT * FROM test WHERE name='q test\'1' ORDER BY `id` DESC LIMIT 1

in the database i have a row with name = q test\'1

the row isn't being retrieved, What do i have to change to get the query to retrieve the result?

0

before one there are two single quotes not double quote

$search="q test\\''1";

Edited by urtrivedi: n/a

0

before one there are two single quotes not double quote

$search="q test\\''1";

thanks but the user isn't going to type that in. what would i have to do to change q test'1 to your example?

0

If your text contains \ then user must type \. For single quote you may do following

$search=str_replace("'","''",$search);
$search=str_replace("\","\\",$search);

Edited by urtrivedi: n/a

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.