quote help

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Greg19
Forum Newbie
Posts: 23
Joined: Sun Dec 07, 2008 12:47 pm

quote help

Post by Greg19 »

Hello I'm having some problems with my code here and I'm pretty sure it has to do with how I used quotes in this section:

Code: Select all

$firm ='SELECT name FROM `product_docs_support` WHERE product_id =  \''.mysql_real_escape_string($_post['product']).'\' AND type = \''frimware'\'';
 
Thanks

Code: Select all

<?php
session_start(); 
if(!isset($_SESSION['company'])){ 
    header('Location: login.php'); die('<a href="Login.php">Login first!</a>');
   }
$query = mysql_connect("**************.net", "**********", "***********") or die(mysql_error());
mysql_select_db('********', $query) or die(mysql_error());
 
if(isset($_POST['product'])) {
    
     $product = ($_POST['company']);
    
     $firm ='SELECT name FROM `product_docs_support` WHERE product_id =  \''.mysql_real_escape_string($_post['product']).'\' AND type = \''frimware'\'';
     $result = mysql_query($conn,$query);
     while($row=mysql_fetch_row($result))
          {
           $name[] = $row[0];
          }
         echo "<ul>\n";
         foreach( $name as $z  )
                {
                 echo "<li> <a href='support/$product/firmware/$z'>\n" .$z."</a></li>\n";
                }
         echo "</ul>\n";
         echo "<br />";
   
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>account</title>
</head>
<body>
<form method="post" action="account.php">
<?php
         $conn ='SELECT product_id FROM `customers_products` WHERE company =  \''.mysql_real_escape_string($_SESSION['company']).'\'' ;
         $result = mysql_query($conn,$query);
  
         while($row=mysql_fetch_row($result))
          {
           $product_id[] = $row[0];
          }
         echo  "<select name='product'>\n" ;
         foreach( $product_id as $v  )
                {
                 echo "<option value='$v'>\n" .$v."</option>\n";
                }
         echo "</select>\n";
         
?>       
    <input type="submit" name="submit" value="Go" />
</form>
</body>
</html>
User avatar
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: quote help

Post by califdon »

You're right. You can't use single quotes nested within single quotes like that. You need to either escape the inner ones with backslashes or use double and single quotes, like this:

Code: Select all

$firm ='SELECT name FROM `product_docs_support` WHERE product_id =  \''.mysql_real_escape_string($_post['product']).'\' AND type = \'frimware\'';
 
or (I prefer)
 
$firm ="SELECT name FROM `product_docs_support` WHERE product_id =  '".mysql_real_escape_string($_post['product'])."' AND type = 'frimware'";
Well, DAMN! this BBcode won't let me illustrate the escape mechanism! In the first example, the apostrophes that are printed in black should look like this: \'
Greg19
Forum Newbie
Posts: 23
Joined: Sun Dec 07, 2008 12:47 pm

Re: quote help

Post by Greg19 »

Thanks
Post Reply