Page 1 of 1

sql and '

Posted: Wed Mar 24, 2004 3:26 am
by pelegk2
how do i make a select on sql statment
where i have something like this :
select * from mydb1 where name=bla'ewrewr

how do i do that?
beacuse the " ' " makes me problem
thanks in advance
peleg


__________________

Posted: Wed Mar 24, 2004 3:31 am
by markl999

Code: Select all

$name = "bla'ewrewr";
$name = str_replace("'", "''", $name);
$sql = "select * from mydb1 where name='$name'";
There's also mysql_escape_string and addslashes.

Posted: Wed Mar 24, 2004 5:04 am
by pelegk2
what u actually say is to add another ' to the ' in the word?

Posted: Wed Mar 24, 2004 5:12 am
by markl999
Yes. but also be aware it can be dependent on things like magic_quotes.