Hello,
When I run this query, I am getting:
SELECT * FROM upload where cas_no='\'104-55-2\''
Why do I get a backslash in my query? Otherwise the query is OK, and the URL value is the exact value: www.abc.com/upload_reportt.php?cas_no='104-55-2'.... So what happens with my SQL query?

<?php 
session_start();
include('functions.php');
?>
<body bgcolor="#F5F5DC">
<a href="logout.php"><h3 align="right">Logout</h3> </a>
<center>
 <table width="600" border="1" frame="box"  bgcolor="#CCC">
<tr>

<th>CAS No</th>
<th>Title</th>
<th>file name</th>

</tr>
<?php
$where="";
if(!empty($_GET['cas_no'])){
echo $c_no=$_GET['cas_no'];
$where="where cas_no='$c_no' ";
}
db_connect();
echo $qry="SELECT * FROM upload $where";

$result=mysql_query($qry);



while($row=mysql_fetch_array($result))
{ 
  echo"<tr>
  <td>".$row['cas_no']."</td>
  <td>".$row['title']."</td>
  <td><a href='/".$row['file_name']."' target='new'>".$row['file_name']."</a></td></tr>";
}

mysql_close($db);

?>
</table>
</center>
</body>
</html>

Why are you not using magic quotes? The second option is to store the query in a variable and then call the variable.

Try changing your where variable to:

$where="where cas_no='".$c_no."' ";

Hello,

I am using this also, but I am still not getting the output. I have also checked the value of $_GET['cas_no'], i.e. print_r($_GET['cas_no']), but I again get the backslash, i.e. \'104-55-2\'. I think there is no error in the where query, but I still do not see where the error is in this script.

diafol

Take out the single quotes in the url - they are not required:

www.example.com/upload_reportt.php?cas_no=104-55-2

Use a string function, str_ireplace(find,replace,string,count), like this:

$str=$_GET['cas_no'];
$c_no=str_ireplace("\","",$str);
echo $c_no;

diafol

The above will give an error, you must use a double backslash:

$c_no=str_ireplace("\\","",$str);

What is your URL code that you GET from? If it is echoing out like that as well, then that is where your problem lies.
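
An added example, not code from any poster in this thread: the lookup written with PDO and a bound parameter, so quotes or magic-quote backslashes in cas_no never become part of the SQL text, with a CAS format and check-digit test before the query runs. The helper names clean_cas_no and find_uploads, the in-memory SQLite table and its sample row are assumptions made for illustration.

```php
<?php
// Added example; constructed data in an in-memory SQLite database so it runs offline.
// Assumption: the real page would open its MySQL database through PDO instead.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE upload (cas_no TEXT, title TEXT, file_name TEXT)");
$db->exec("INSERT INTO upload VALUES ('104-55-2', 'Sample report', 'report.pdf')");

// Hypothetical helper: return a well-formed CAS number, or null if the input is not one.
function clean_cas_no(string $raw): ?string
{
    // Remove backslashes left by magic quotes and quotes typed around the value in the URL.
    $value = trim(str_replace('\\', '', $raw), "'\" ");
    // CAS layout: 2-7 digits, 2 digits, 1 check digit, separated by hyphens.
    if (!preg_match('/^(\d{2,7})-(\d{2})-(\d)$/', $value, $m)) {
        return null;
    }
    // Check digit: digits before it, weighted 1, 2, 3, ... from the right, summed mod 10.
    $digits = strrev($m[1] . $m[2]);
    $sum = 0;
    for ($i = 0; $i < strlen($digits); $i++) {
        $sum += ($i + 1) * (int) $digits[$i];
    }
    return ($sum % 10 === (int) $m[3]) ? $value : null;
}

// Hypothetical helper: look up rows with a bound parameter instead of string concatenation.
function find_uploads(PDO $db, string $raw): array
{
    $cas = clean_cas_no($raw);
    if ($cas === null) {
        return [];
    }
    $stmt = $db->prepare('SELECT cas_no, title, file_name FROM upload WHERE cas_no = ?');
    $stmt->execute([$cas]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: plain value, the backslashed value from the thread, two malformed ones.
foreach (["104-55-2", "\\'104-55-2\\'", "104-55-3", "abc"] as $raw) {
    $rows = find_uploads($db, $raw);
    echo htmlspecialchars($raw, ENT_QUOTES), ': ', count($rows), " row(s)\n";
    foreach ($rows as $row) {
        // Escape database values before placing them in HTML.
        echo '<tr><td>', htmlspecialchars($row['cas_no'], ENT_QUOTES), '</td><td>',
            htmlspecialchars($row['title'], ENT_QUOTES), "</td></tr>\n";
    }
}
```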