PDO, rowCount & apostrophes

Question

bobgodwin 14 Newbie Poster

13 Years Ago

I'm using this code to check if a record exists or not:

$filename = $_FILES["file"]["name"]; /// FROM FORM
$ext = substr($filename, strpos($filename,'.'), strlen($filename)-1);
$bull = substr($filename, 0, strpos($filename, '.'));
 
$myQuery = "SELECT * 
            FROM $media
	    WHERE label='$bull' "; 
$result	 = $dbh->prepare($myQuery);
$result->execute();
$cont = $result->rowCount();

	if ($cont == 1) {
		echo $bull.' Exists'; 
	}
	else {
		echo $bull.' Does Not Exists'; 
	}

Which works fine except if there's an apostrophes in the record. Then it returns that it doesn't exist. So if "Hello There" exists, it says so. But if "Where's Hello" exists, it says it doesn't.

php

2 Contributors
4 Replies
150 Views
8 Hours Discussion Span
Latest Post 13 Years Ago Latest Post by bobgodwin

All 4 Replies

diafol

13 Years Ago

look at mysql_real_escape_string()

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

bobgodwin 14 Newbie Poster · Answer 1 · 2011-04-18T01:22:05+00:00

look at mysql_real_escape_string()

Magic quotes are turned off and I'm not using mysql_real_escape_string() on this query.

diafol · Answer 2 · 2011-04-18T01:54:03+00:00

> I'm not using mysql_real_escape_string() on this query.

You should. It'll work.

bobgodwin 14 Newbie Poster · Answer 3 · 2011-04-18T03:18:40+00:00

> I'm not using mysql_real_escape_string() on this query.
You should. It'll work.

You're right, it will work. But I wanted to make the code more portable, so I opted for addslashes(), adding it to the extension stripper and putting it in the SELECT statement (I tried it earlier, but had it in the wrong place).

$filename = $_FILES["file"]["name"];
$ext = substr($filename, strpos($filename,'.'), strlen($filename)-1);
$bull = substr($filename, 0, strpos($filename, '.')); // strip extension

$slashed_bull = addslashes($bull);
 
$myQuery = "SELECT * 
            FROM $media
	    WHERE label='$slashed_bull' "; 
$result	 = $dbh->prepare($myQuery);
$result->execute();
$cont = $result->rowCount();

	if ($cont == 1) {
		echo $bull .' Exists<br />'.$cont;
	}
	else {
		echo $bull .' Does Not Exists<br />'.$cont;
	}

Thanks for the reply.

PDO, rowCount & apostrophes

Recommended Answers Collapse Answers

All 4 Replies

Recommended Answers