When I run this query then i am getting
SELECT * FROM upload where cas_no='\'104-55-2\''
Why I get backslash in my query ? Otherwise query is ok. and URL value is exact value. www.abc.com/upload_reportt.php?cas_no='104-55-2'.... so what happen with my sql query?

<body bgcolor="#F5F5DC">
<a href="logout.php"><h3 align="right">Logout</h3> </a>
 <table width="600" border="1" frame="box"  bgcolor="#CCC">

<th>CAS No</th>
<th>file name</th>

echo $c_no=$_GET['cas_no'];
$where="where cas_no='$c_no' ";
echo $qry="SELECT * FROM upload $where";


  <td><a href='/".$row['file_name']."' target='new'>".$row['file_name']."</a></td></tr>";



Recommended Answers

All 8 Replies

why r u not using magic quotes. second option is make store the query in variable and then call the variable.


Can you plz explain?

Try changing your where variable to:

$where="where cas_no='".$c_no."' ";


I am using this also but still not getting the output. And I have also checked the value of $_GET['cas_no'] i.e print_r($_GET['cas_no']) but i get again backslash i.e \'104-55-2\'. I think there is no error in where query but I am still not getting where is the error in this script?

Member Avatar

Take out the single quotes in the url - they are not required:


use a string function str_ireplace(find,replace,string,count) like this

echo $c_no;

Member Avatar

The above will give an error, you must use a double backslash:


What is your url code that you GET from as if it is echoing out like that as well, then that is where your problem lies.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.