Page 1 of 1

Fulltext search of mySql database using PDO - apostrophe in

Posted: Thu Jan 12, 2012 10:55 am
by blizzardofozz
Can you please help me on this?

I have a method of a class that uses PDO to search mysql database and it works but the problem is with apostrophe in a search string - it shows:

Syntax error or access violation: 1064.

When single or double quotes in the string the script works fine – no slashes and no errors. This is the case when the site is on local WAMPSERVER 2.1.

When I put the same site on a live server the characters (apostrophe, quotes) are escaped with slashes? Even if I use PDO?

Any ideas why?

Code: Select all

        public static function searchstring($per_page=0, $pg_offset=0, $search=0){
        global $database;
        $sql = "SELECT * FROM tablename WHERE MATCH (fieldname) AGAINST (:searchstr IN BOOLEAN MODE) LIMIT {$per_page} OFFSET {$pg_offset}";

        try {
            $database->prepare($sql);
            $database->bindParam(':searchstr', $search);
            $database->execute();
            $result_array = $database->fetch_array($sql);

            return $result_array;   

        } catch (Exception $e) {
            echo $e->getMessage();
        }
    }


Re: Fulltext search of mySql database using PDO - apostrophe

Posted: Thu Jan 12, 2012 11:12 am
by pickle
The one thing I don't like about prepared statements is you can't see the actual query as its being run on the server (or maybe you can & I just don't know how). In this case, I wouldn't bother with a prepared statement - you're actually increasing the traffic between your web server & db server. Even if it's on the same box, you're doing more work than necessary.

Re: Fulltext search of mySql database using PDO - apostrophe

Posted: Thu Jan 12, 2012 2:20 pm
by blizzardofozz
The script, which I posted above works fine, there was an error in other function. Sorry if I have wasted your time.