getting error of backslash in mysql query

Question

harsha.netpem -3 Newbie Poster

12 Years Ago

Hello,
When I run this query then i am getting
SELECT * FROM upload where cas_no='\'104-55-2\''
Why I get backslash in my query ? Otherwise query is ok. and URL value is exact value. www.abc.com/upload_reportt.php?cas_no='104-55-2'.... so what happen with my sql query?

<?php 
session_start();
include(functions.php);
?>
<body bgcolor="#F5F5DC">
<a href="logout.php"><h3 align="right">Logout</h3> </a>
<center>
 <table width="600" border="1" frame="box"  bgcolor="#CCC">
<tr>

<th>CAS No</th>
<th>Title</th>
<th>file name</th>

</tr>
<?php
$where="";
if(!empty($_GET['cas_no'])){
echo $c_no=$_GET['cas_no'];
$where="where cas_no='$c_no' ";
}
db_connect();
echo $qry="SELECT * FROM upload $where";

$result=mysql_query($qry);



while($row=mysql_fetch_array($result))
{ 
  echo"<tr>
  <td>".$row['cas_no']."</td>
  <td>".$row['title']."</td>
  <td><a href='/".$row['file_name']."' target='new'>".$row['file_name']."</a></td></tr>";
}

mysql_close($db);

?>
</table>
</center>
</body>
</html>

mysql php

5 Contributors
8 Replies
145 Views
1 Day Discussion Span
Latest Post 12 Years Ago Latest Post by simplypixie

vaayaa1 0 Newbie Poster

12 Years Ago

why r u not using magic quotes. second option is make store the query in variable and then call the variable.

simplypixie 123 Posting Pro in Training

12 Years Ago

Try changing your where variable to:

$where="where cas_no='".$c_no."' ";

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

harsha.netpem -3 Newbie Poster · Answer 1 · 2012-08-25T08:00:39+00:00

harsha.netpem -3 Newbie Poster

12 Years Ago

hello,

Can you plz explain?

harsha.netpem -3 Newbie Poster · Answer 2 · 2012-08-25T10:06:46+00:00

hello,

I am using this also but still not getting the output. And I have also checked the value of $_GET['cas_no'] i.e print_r($_GET['cas_no']) but i get again backslash i.e \'104-55-2\'. I think there is no error in where query but I am still not getting where is the error in this script?

diafol · Answer 3 · 2012-08-25T11:35:31+00:00

Take out the single quotes in the url - they are not required:

www.example.com/upload_reportt.php?cas_no=104-55-2

aamna@daniewb 0 Newbie Poster · Answer 4 · 2012-08-25T12:01:07+00:00

use a string function str_ireplace(find,replace,string,count) like this

$str=$_GET['cas_no'];
$c_no=str_ireplace("\","",$str);
echo $c_no;

diafol · Answer 5 · 2012-08-25T12:05:49+00:00

The above will give an error, you must use a double backslash:

$c_no=str_ireplace("\\","",$str);

simplypixie 123 Posting Pro in Training · Answer 6 · 2012-08-26T06:51:43+00:00

What is your url code that you GET from as if it is echoing out like that as well, then that is where your problem lies.