I have this page that you can do a search on the site. However, if I do a search that contains an apostrophe ('), it breaks and doesn't display anything although I have entries that have them. Does an easy fix exist for this problem?

This is an example of what I have:

$search = $_GET['search'];

SELECT * FROM tbl_name WHERE name LIKE '%$search%'

You need to use mysql_real_escape_string() on any data passed from the user (querystring, form, cookie).


Would it look like this?

$search = mysql_real_escape_string($_GET['search']);

SELECT * FROM tbl_name WHERE name LIKE '%$search%'

It would indeed. If it's solved, mark it so, but try it first.


Doesn't quite work. This is the query that it runs...

SELECT * FROM tbl_name WHERE name LIKE '%beverly\'s%'

It adds in the \ before the 's and it is not like that in the database. Furthermore, when I changed the database to "beverly\'s" and did a search for that, then the query had "beverly\\\'s".

Finally, when I remove the mysql_real_escape_string(), it doesn't add the \.

Any further help would be greatly appreciated.


Upon further testing, I did it using Dreamweaver's code way and it works providing the search form is in POST method rather than GET. Still can't get it to work the way we were talking about....

Would prefer to get it to work without using Dreamweaver's code but I can limp along with it this way for now.




magic_quotes_gpc = Off

in your php.ini file?
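
Added example, not code from any poster in this thread: the search query with the term passed as a bound parameter through PDO, so the apostrophe needs no escaping call, plus what happens when the input already carries backslashes of the kind magic_quotes_gpc adds. Assumptions: an in-memory SQLite table with constructed rows stands in for the thread's MySQL table so the script runs offline, and search_names() is a hypothetical helper.

```php
<?php
// Constructed sample rows in an in-memory SQLite database. Assumption: the
// thread's table lives in MySQL, where the same PDO calls apply.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tbl_name (name TEXT)');
$insert = $pdo->prepare('INSERT INTO tbl_name (name) VALUES (?)');
foreach (["beverly's", "beverly hills", "50% off"] as $row) {
    $insert->execute([$row]);
}

// Hypothetical helper: the search term travels as a bound parameter, so an
// apostrophe never becomes part of the SQL text and no escaping call is needed.
function search_names(PDO $pdo, string $search): array
{
    // Neutralise LIKE wildcards so a typed % or _ matches literally.
    $term = strtr($search, ['!' => '!!', '%' => '!%', '_' => '!_']);
    $stmt = $pdo->prepare("SELECT name FROM tbl_name WHERE name LIKE ? ESCAPE '!'");
    $stmt->execute(['%' . $term . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$typed  = "beverly's";          // what the visitor typed (constructed)
$quoted = addslashes($typed);   // same value after magic_quotes_gpc-style quoting

echo "typed:      ", json_encode(search_names($pdo, $typed)), "\n";
// Input that already carries added backslashes is compared byte for byte.
echo "pre-quoted: ", json_encode(search_names($pdo, $quoted)), "\n";
// Undo the added slashes once, at the input boundary, then bind as usual.
echo "unquoted:   ", json_encode(search_names($pdo, stripslashes($quoted))), "\n";
// A bare wildcard from the user is treated as a literal percent sign.
echo "wildcard:   ", json_encode(search_names($pdo, '%')), "\n";
```

magic_quotes_gpc was removed in PHP 5.4 and the mysql_* functions in PHP 7.0, so on current PHP only the bound-parameter path applies.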
