i'm not getting any results for the query. I'm sure it has something to do with the apostrophe and back slashes

$search = "q test'yes";
$search = mysql_real_escape_string($search);
mysql_query("SELECT * FROM block WHERE name LIKE '%$search%' ORDER BY `id` DESC",$this->connect);

When i echo it out i get this

SELECT * FROM block WHERE name LIKE '%q test\\\'yes%' ORDER BY `id` DESC

is there a solution to this without turning off magic quotes?

try this

SELECT * FROM block WHERE name LIKE '%q test''yes%' ORDER BY id DESC

try this

SELECT * FROM block WHERE name LIKE '%q test''yes%' ORDER BY id DESC

$search = "q test'yes";

typing out the search term manually won't solve the problem. if the user uses an apostrophe when searching it should fetch results.

Find and replace each single quote with two single quotes, before passing the same into SQL engine.

?

so...

$search = "q test"yes";

This may help.

If magic quotes are on then you don't need to use mysql_real_escape_string() to escape apostrophe. What actually is saved in the database? Is it q test"yes or q test\"yes?

if you are going to use mysql_real_escape_string() , then stripslahses() first since magic_quotes are enabled - ex:

$search = "q test'yes";
$search = mysql_real_escape_string( stripslashes($search) );
mysql_query("SELECT * FROM block WHERE name LIKE '%$search%' ORDER BY `id` DESC",$this->connect);
$search = "q test'1";

$search = mysql_real_escape_string($search);

mysql_query("SELECT * FROM test WHERE name='$search' ORDER BY `id` DESC LIMIT 1",$this->connect);

when i echo my select query i get this.

SELECT * FROM test WHERE name='q test\'1' ORDER BY `id` DESC LIMIT 1

in the database i have a row with name = q test\'1

the row isn't being retrieved, What do i have to change to get the query to retrieve the result?

before one there are two single quotes not double quote

$search="q test\\''1";

before one there are two single quotes not double quote

$search="q test\\''1";

thanks but the user isn't going to type that in. what would i have to do to change q test'1 to your example?

If your text contains \ then user must type \. For single quote you may do following

$search=str_replace("'","''",$search);
$search=str_replace("\","\\",$search);
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.