I have this page that you can do a search on the site. However, if I do a search that contains an apostrophe ('), it breaks and doesn't display anything although I have entries that have them. Does an easy fix exist for this problem?

This is an example of what I have:

$search = $_GET['search'];

SELECT * FROM tbl_name WHERE name LIKE '%$search%'
Member Avatar

you need to use mysql_real_escape_string() on any data passed from the user (querystring, form, cookie).

Would it look like this?

$search = mysql_real_escape_string($_GET['search']);

SELECT * FROM tbl_name WHERE name LIKE '%$search%'
Member Avatar

It would indeed. If it's solved, mark it so, but try it first.

Doesn't quite work. This is the query that it runs...

SELECT * FROM tbl_name WHERE name LIKE '%beverly\'s%'

It adds in the \ before the 's and it is not like that in the database. Furthermore, when I changed the database to "beverly\'s" and did a search for that, then the query had "beverly\\\'s".

Finally, when I remove the mysql_real_escape_string(), it doesn't add the \.

Any further help would be greatly appreciated.

Upon further testing, I did it using Dreamweaver's code way and it works providing the search form is in POST method rather than GET. Still can't get it to work the way we were talking about....

Would prefer to get it to work without using Dreamweaver's code but I can limp along with it this way for now.

Member Avatar

Is

magic_quotes_gpc = Off

in your php.ini file?