
Hello,
When I run this query, I am getting:
SELECT * FROM upload where cas_no='\'104-55-2\''
Why do I get a backslash in my query? Otherwise the query is OK, and the URL value is the exact value: www.abc.com/upload_reportt.php?cas_no='104-55-2'.... So what happens with my SQL query?

<?php 
session_start();
include('functions.php');
?>
<body bgcolor="#F5F5DC">
<a href="logout.php"><h3 align="right">Logout</h3> </a>
<center>
 <table width="600" border="1" frame="box"  bgcolor="#CCC">
<tr>

<th>CAS No</th>
<th>Title</th>
<th>file name</th>

</tr>
<?php
$where="";
if(!empty($_GET['cas_no'])){
echo $c_no=$_GET['cas_no'];
$where="where cas_no='$c_no' ";
}
db_connect();
echo $qry="SELECT * FROM upload $where";

$result=mysql_query($qry);



while($row=mysql_fetch_array($result))
{ 
  echo"<tr>
  <td>".$row['cas_no']."</td>
  <td>".$row['title']."</td>
  <td><a href='/".$row['file_name']."' target='new'>".$row['file_name']."</a></td></tr>";
}

mysql_close($db);

?>
</table>
</center>
</body>
</html>

Why are you not using magic quotes? The second option is to store the query in a variable and then call the variable.


Hello,

I am using this also but am still not getting the output. I have also checked the value of $_GET['cas_no'], i.e. print_r($_GET['cas_no']), but I again get the backslash, i.e. \'104-55-2\'. I think there is no error in the where query, but I still do not see where the error is in this script.


Take out the single quotes in the url - they are not required:

www.example.com/upload_reportt.php?cas_no=104-55-2

Use a string function, str_ireplace(find,replace,string,count), like this:

$str=$_GET['cas_no'];
$c_no=str_ireplace("\","",$str);
echo $c_no;


The above will give an error, you must use a double backslash:

$c_no=str_ireplace("\\","",$str);

What is your URL code that you GET from? If it is echoing out like that as well, then that is where your problem lies.
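
An added example, not code from any poster in this thread: it normalises the `cas_no` value and runs the lookup with a bound parameter, so neither quotes typed into the URL nor escaping backslashes reach the SQL text. It assumes the backslashes come from PHP's `magic_quotes_gpc` setting (removed in PHP 5.4); the helper names `clean_cas_no` and `find_uploads`, the sample row, and the in-memory SQLite database standing in for the MySQL `upload` table are all constructed for illustration.

```php
<?php
// Added example; helper names and sample data are hypothetical.

// Normalise the raw cas_no value taken from the query string.
function clean_cas_no($raw)
{
    // magic_quotes_gpc (PHP < 5.4) escapes quotes in $_GET; undo it if active.
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        $raw = stripslashes($raw);
    }
    // Drop quotes typed into the URL, as in ?cas_no='104-55-2'.
    $value = trim($raw, " '\"");
    // Allow-list: a CAS number is 2-7 digits, 2 digits, 1 check digit.
    return preg_match('/^\d{2,7}-\d{2}-\d$/', $value) ? $value : null;
}

// Look up rows with a bound parameter instead of string concatenation.
function find_uploads(PDO $db, $raw)
{
    $cas = clean_cas_no($raw);
    if ($cas === null) {
        return array(); // reject anything that is not a CAS number
    }
    $stmt = $db->prepare(
        'SELECT cas_no, title, file_name FROM upload WHERE cas_no = ?'
    );
    $stmt->execute(array($cas));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data: in-memory SQLite stands in for the MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE upload (cas_no TEXT, title TEXT, file_name TEXT)');
$db->exec("INSERT INTO upload VALUES ('104-55-2', 'Sample report', 'report.pdf')");

// Constructed inputs: plain value, quoted value from the URL, malformed value.
$inputs = array("104-55-2", "'104-55-2'", "abc'def");
foreach ($inputs as $raw) {
    $rows = find_uploads($db, $raw);
    echo htmlspecialchars($raw, ENT_QUOTES), ' => ', count($rows), " row(s)\n";
    foreach ($rows as $row) {
        // Escape on output; stored values are not trusted as HTML.
        echo '  ', htmlspecialchars($row['title'], ENT_QUOTES), "\n";
    }
}
```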
