mysql where clause and apostrophe

Question

MDanz 0 Junior Poster

13 Years Ago

i'm not getting any results for the query. I'm sure it has something to do with the apostrophe and back slashes

$search = "q test'yes";
$search = mysql_real_escape_string($search);
mysql_query("SELECT * FROM block WHERE name LIKE '%$search%' ORDER BY `id` DESC",$this->connect);

When i echo it out i get this

SELECT * FROM block WHERE name LIKE '%q test\\\'yes%' ORDER BY `id` DESC

is there a solution to this without turning off magic quotes?

mysql

5 Contributors
11 Replies
2K Views
1 Day Discussion Span
Latest Post 13 Years Ago Latest Post by urtrivedi

debasisdas 580 Posting Genius

13 Years Ago

try this

SELECT * FROM block WHERE name LIKE '%q test''yes%' ORDER BY id DESC

debasisdas 580 Posting Genius

13 Years Ago

Find and replace each single quote with two single quotes, before passing the same into SQL engine.

debasisdas 580 Posting Genius

13 Years Ago

This may help.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

MDanz 0 Junior Poster · Answer 1 · 2011-07-19T12:34:23+00:00

try this

SELECT * FROM block WHERE name LIKE '%q test''yes%' ORDER BY id DESC

$search = "q test'yes";

typing out the search term manually won't solve the problem. if the user uses an apostrophe when searching it should fetch results.

MDanz 0 Junior Poster · Answer 2 · 2011-07-19T12:50:33+00:00

MDanz 0 Junior Poster

13 Years Ago

?

so...

$search = "q test"yes";

mwasif 10 Posting Whiz · Answer 3 · 2011-07-20T01:44:40+00:00

If magic quotes are on then you don't need to use mysql_real_escape_string() to escape apostrophe. What actually is saved in the database? Is it q test"yes or q test\"yes?

hielo 65 Veteran Poster · Answer 4 · 2011-07-20T09:17:59+00:00

if you are going to use mysql_real_escape_string() , then stripslahses() first since magic_quotes are enabled - ex:

$search = "q test'yes";
$search = mysql_real_escape_string( stripslashes($search) );
mysql_query("SELECT * FROM block WHERE name LIKE '%$search%' ORDER BY `id` DESC",$this->connect);

MDanz 0 Junior Poster · Answer 5 · 2011-07-20T09:24:12+00:00

$search = "q test'1";

$search = mysql_real_escape_string($search);

mysql_query("SELECT * FROM test WHERE name='$search' ORDER BY `id` DESC LIMIT 1",$this->connect);

when i echo my select query i get this.

SELECT * FROM test WHERE name='q test\'1' ORDER BY `id` DESC LIMIT 1

in the database i have a row with name = q test\'1

the row isn't being retrieved, What do i have to change to get the query to retrieve the result?

urtrivedi 276 Nearly a Posting Virtuoso · Answer 6 · 2011-07-20T09:59:12+00:00

before one there are two single quotes not double quote

$search="q test\\''1";

MDanz 0 Junior Poster · Answer 7 · 2011-07-20T10:33:49+00:00

before one there are two single quotes not double quote
$search="q test\\''1";

thanks but the user isn't going to type that in. what would i have to do to change q test'1 to your example?

urtrivedi 276 Nearly a Posting Virtuoso · Answer 8 · 2011-07-20T11:35:18+00:00

If your text contains \ then user must type \. For single quote you may do following

$search=str_replace("'","''",$search);
$search=str_replace("\","\\",$search);