Page 1 of 1

HElp..The search string passed into mysql query having singl

Posted: Mon Mar 19, 2007 6:56 pm
by anirbanb2004
Hi I am trying to write a code that is simple..I will pass a variable $word and it will search all the rows in a MySql table.
Now If the string in $word contains single quote(') then it is creating problem.
Please help me It is very important...

Code: Select all


$string=$_POST['name']; 

$query="select * from Words where Word='$string'"; 
$result=mysql_query($query);

Posted: Mon Mar 19, 2007 6:58 pm
by Chris Corbyn
If you keep duplicate posting you'll get banned. Stop now.

mysql_real_escape_string()