
I'm using this code to check if a record exists or not:

$filename = $_FILES["file"]["name"]; /// FROM FORM
$ext = substr($filename, strpos($filename,'.'), strlen($filename)-1);
$bull = substr($filename, 0, strpos($filename, '.'));

$myQuery = "SELECT *
            FROM $media
            WHERE label='$bull' ";
$result = $dbh->prepare($myQuery);
$result->execute();
$cont = $result->rowCount();

if ($cont == 1) {
    echo $bull.' Exists';
}
else {
    echo $bull.' Does Not Exists';
}

Which works fine except if there's an apostrophe in the record. Then it returns that it doesn't exist. So if "Hello There" exists, it says so. But if "Where's Hello" exists, it says it doesn't.


Look at mysql_real_escape_string().

Magic quotes are turned off and I'm not using mysql_real_escape_string() on this query.

Edited by bobgodwin: n/a


> I'm not using mysql_real_escape_string() on this query.

You should. It'll work.

You're right, it will work. But I wanted to make the code more portable, so I opted for addslashes(), adding it to the extension stripper and putting it in the SELECT statement (I tried it earlier, but had it in the wrong place).

$filename = $_FILES["file"]["name"];
$ext = substr($filename, strpos($filename,'.'), strlen($filename)-1);
$bull = substr($filename, 0, strpos($filename, '.')); // strip extension

$slashed_bull = addslashes($bull);

$myQuery = "SELECT *
            FROM $media
            WHERE label='$slashed_bull' ";
$result = $dbh->prepare($myQuery);
$result->execute();
$cont = $result->rowCount();

if ($cont == 1) {
    echo $bull .' Exists<br />'.$cont;
}
else {
    echo $bull .' Does Not Exists<br />'.$cont;
}

Thanks for the reply.

Edited by bobgodwin: n/a
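
An added example, not code from any poster in this thread: the same existence check with the label passed as a bound PDO parameter, so an apostrophe in the name needs no escaping function and cannot change the query. It assumes an in-memory SQLite database (pdo_sqlite), a `media` table with a `label` column, and a hypothetical helper `labelExists()`; the sample file names are constructed.

```php
<?php
declare(strict_types=1);

// Constructed demo data in an in-memory SQLite database (assumption: pdo_sqlite is enabled).
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // surface SQL errors instead of a silent 0 rows
$dbh->exec('CREATE TABLE media (label TEXT NOT NULL)');
$seed = $dbh->prepare('INSERT INTO media (label) VALUES (?)');
foreach (['Hello There', "Where's Hello"] as $label) {
    $seed->execute([$label]);
}

// Identifiers cannot be bound, so a table name that arrives in a variable
// (like $media in the thread) is checked against a fixed allow-list.
const ALLOWED_TABLES = ['media'];

// Hypothetical helper: true when a row with this file's base name exists.
function labelExists(PDO $dbh, string $table, string $uploadName): bool
{
    if (!in_array($table, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException('Unknown table');
    }
    // Drop any client-supplied path and the last extension.
    // (The thread's substr/strpos cuts at the first dot instead.)
    $label = pathinfo(basename($uploadName), PATHINFO_FILENAME);

    // The value travels as a bound parameter, never as SQL text.
    // COUNT(*) is used because rowCount() is not reliable for SELECT on every driver.
    $stmt = $dbh->prepare("SELECT COUNT(*) FROM {$table} WHERE label = :label");
    $stmt->execute([':label' => $label]);
    return (int) $stmt->fetchColumn() > 0;
}

// Constructed file names standing in for $_FILES["file"]["name"].
$samples = ['Hello There.jpg', "Where's Hello.png", "x' OR '1'='1.gif", 'Missing.jpg'];
foreach ($samples as $name) {
    $found = labelExists($dbh, 'media', $name);
    printf("%-22s %s\n", $name, $found ? 'exists' : 'does not exist');
}
```

With the error mode set to exceptions, a malformed query raises an error instead of quietly reporting zero rows, which is how the apostrophe failure in the question went unnoticed.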
