PHP and MySQL problems with ' and " have been discussed ad nausea on the web. I still don't get it. For example my db has an Author's name field with someone called O'Brien. If I create the DB with phpMyAdmin by reading in a CSV file, that field will show as O'Brien. (not O\'Brien)
In a search form the user can type in the Author field: O'Brien. In the searchResults.php program, I don't get a match, even though I've tried using mysqli_real_escape_string or addslashes or stripslashes on the POST .field. I must be building the PHP query wrong. Here's what I have:
$Author = stripslashes($_POST);
$SQL = "select * from Catalog where Authors Like '%".$Author."%'"; // can't find in file
// before stripslashes $Author looks like O\'Brien
// after strip looks like O'Brien
the resulting SQL statement looks like:
select * from Catalog where Authors Like '%O'Brien%'
This looks bad, with the unbalanced apostrophes.
Is there a need to build the DB so that the MySQL fields contain \' instead of ' If so, how can I do that?
Alternatively, how can I build my query string without these problems?
It would seem that the DB and my query should both have O\'Brien, in order to get a match and be selected.