
quote help

Posted: Mon Dec 22, 2008 5:58 pm
by Greg19
Hello, I'm having some problems with my code here and I'm pretty sure it has to do with how I used quotes in this section:

Code:

$firm ='SELECT name FROM `product_docs_support` WHERE product_id =  \''.mysql_real_escape_string($_POST['product']).'\' AND type = \''frimware'\'';
 
Thanks

Code:

<?php
session_start(); 
if(!isset($_SESSION['company'])){ 
    header('Location: login.php'); die('<a href="Login.php">Login first!</a>');
   }
$query = mysql_connect("**************.net", "**********", "***********") or die(mysql_error());
mysql_select_db('********', $query) or die(mysql_error());
 
if(isset($_POST['product'])) {
    
     $product = ($_POST['company']);
    
     $firm ='SELECT name FROM `product_docs_support` WHERE product_id =  \''.mysql_real_escape_string($_POST['product']).'\' AND type = \''frimware'\'';
     // mysql_query() takes the SQL string first, then the connection link
     $result = mysql_query($firm,$query);
     while($row=mysql_fetch_row($result))
          {
           $name[] = $row[0];
          }
         echo "<ul>\n";
         foreach( $name as $z  )
                {
                 echo "<li> <a href='support/$product/firmware/$z'>\n" .$z."</a></li>\n";
                }
         echo "</ul>\n";
         echo "<br />";
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>account</title>
</head>
<body>
<form method="post" action="account.php">
<?php
         $conn ='SELECT product_id FROM `customers_products` WHERE company =  \''.mysql_real_escape_string($_SESSION['company']).'\'' ;
         $result = mysql_query($conn,$query);
  
         while($row=mysql_fetch_row($result))
          {
           $product_id[] = $row[0];
          }
         echo  "<select name='product'>\n" ;
         foreach( $product_id as $v  )
                {
                 echo "<option value='$v'>\n" .$v."</option>\n";
                }
         echo "</select>\n";
         
?>       
    <input type="submit" name="submit" value="Go" />
</form>
</body>
</html>

Re: quote help

Posted: Mon Dec 22, 2008 7:24 pm
by califdon
You're right. You can't use single quotes nested within single quotes like that. You need to either escape the inner ones with backslashes or use double and single quotes, like this:

Code:

$firm ='SELECT name FROM `product_docs_support` WHERE product_id =  \''.mysql_real_escape_string($_POST['product']).'\' AND type = \'frimware\'';
 
or (I prefer)
 
$firm ="SELECT name FROM `product_docs_support` WHERE product_id =  '".mysql_real_escape_string($_POST['product'])."' AND type = 'frimware'";

Well, DAMN! This BBcode won't let me illustrate the escape mechanism! In the first example, the apostrophes that are printed in black should look like this: \'
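
The nested-quote problem discussed above goes away when the values are bound as parameters instead of being concatenated into the SQL string, and the same habit applies to the HTML that is echoed back. This is an added example, not code from either poster. It assumes PDO with an in-memory SQLite database and constructed rows in place of the thread's MySQL server, and `firmwareNames()` and `firmwareList()` are hypothetical helper names.

```php
<?php
// Added example: constructed rows mirroring the thread's table, held in an
// in-memory SQLite database (an assumption) so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE product_docs_support (name TEXT, product_id TEXT, type TEXT)');
$seed = $pdo->prepare('INSERT INTO product_docs_support VALUES (?, ?, ?)');
foreach ([
    ['fw-1.0.bin', 'router-a', 'firmware'],
    ['manual.pdf', 'router-a', 'manual'],
    ["fw 'beta' <2>.bin", "o'neil-gw", 'firmware'],
] as $row) {
    $seed->execute($row);
}

// Hypothetical helper: firmware file names for one product.
function firmwareNames(PDO $pdo, string $productId): array
{
    // The SQL text is a constant; values travel separately as parameters,
    // so there are no inner quotes to escape or to get wrong.
    $stmt = $pdo->prepare(
        'SELECT name FROM product_docs_support
          WHERE product_id = :product_id AND type = :type ORDER BY name'
    );
    $stmt->execute([':product_id' => $productId, ':type' => 'firmware']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Hypothetical helper: renders the link list, encoding for each output context.
function firmwareList(string $productId, array $names): string
{
    $html = "<ul>\n";
    foreach ($names as $name) {
        // rawurlencode() for URL path segments, htmlspecialchars() for HTML.
        $href = 'support/' . rawurlencode($productId) . '/firmware/' . rawurlencode($name);
        $html .= '<li><a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">'
               . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . "</a></li>\n";
    }
    return $html . "</ul>\n";
}

// Stands in for $_POST['product']; the second value contains an apostrophe.
foreach (['router-a', "o'neil-gw"] as $input) {
    $names = firmwareNames($pdo, $input);
    printf("%s => %d row(s)\n%s", $input, count($names), firmwareList($input, $names));
}
```

With MySQL the same code applies after changing the PDO DSN; the `mysql_*` functions used in the thread were removed in PHP 7.0.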

Re: quote help

Posted: Tue Dec 23, 2008 12:09 am
by Greg19
Thanks