sql and '

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
User avatar
pelegk2
Forum Regular
Posts: 633
Joined: Thu Nov 27, 2003 5:02 am
Location: Israel - the best place to live in after heaven
Contact:

sql and '

Post by pelegk2 »

how do i make a select on sql statment
where i have something like this :
select * from mydb1 where name=bla'ewrewr

how do i do that?
beacuse the " ' " makes me problem
thanks in advance
peleg


__________________
User avatar
markl999
DevNet Resident
Posts: 1972
Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)

Post by markl999 »

Code: Select all

$name = "bla'ewrewr";
$name = str_replace("'", "''", $name);
$sql = "select * from mydb1 where name='$name'";
There's also mysql_escape_string and addslashes.
User avatar
pelegk2
Forum Regular
Posts: 633
Joined: Thu Nov 27, 2003 5:02 am
Location: Israel - the best place to live in after heaven
Contact:

Post by pelegk2 »

what u actually say is to add another ' to the ' in the word?
User avatar
markl999
DevNet Resident
Posts: 1972
Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)

Post by markl999 »

Yes. but also be aware it can be dependent on things like magic_quotes.
Post Reply