PHP + MySQL Escaping Special Characters IMPORTANT..Please
Posted: Fri Jun 29, 2007 4:04 am
I have this variable, which is user input that comes from a text box:
$item=$_POST['item']; // sponge bob's & crabby# patty
I insert $item into the table without any problems.
Now I want to use it in a SELECT QUERY.
Let's say we are on a different PHP page and I retrieved $item so I could use it for an SQL SELECT QUERY.
$tempQuery=mysql_query("SELECT * from itemtable where item_name= '$item' ");
Remember: $item contains an apostrophe ('), ampersand (&) and pound sign (#).
How do I escape these characters so that my query will be executed properly? Now I'm getting an SQL error coz of those special characters.
I'm using PHP5 + MySQL.
I would like to know how to escape all the special characters.
In plain English hehehe... I'm kinda new at this... THANKS
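
The situation in the post above, as an added example that is not part of the original post: the interpolated SELECT next to the same query as a prepared statement with a bound parameter. It uses PDO with an in-memory SQLite database so it runs without a server (an assumption; with MySQL only the DSN changes), and the sample value is constructed from the comment in the post.

```php
<?php
// Added example, not the poster's code. PDO + in-memory SQLite is an
// assumption so the script runs offline; for MySQL only the DSN changes,
// e.g. new PDO('mysql:host=...;dbname=...;charset=utf8mb4', $user, $pass).

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE itemtable (id INTEGER PRIMARY KEY, item_name TEXT)');

// Constructed sample value standing in for $_POST['item'].
$item = "sponge bob's & crabby# patty";

// INSERT with a placeholder: the value travels separately from the SQL text.
$ins = $pdo->prepare('INSERT INTO itemtable (item_name) VALUES (:item)');
$ins->execute([':item' => $item]);

// "Before": string interpolation, as in the post. The apostrophe ends the
// string literal early, so the statement no longer parses.
try {
    $pdo->query("SELECT * FROM itemtable WHERE item_name = '$item'");
    echo "interpolated query ran\n";
} catch (PDOException $e) {
    echo "interpolated query failed: ", $e->getMessage(), "\n";
}

// "After": the same SELECT with a bound parameter. No manual escaping is
// needed, and the input cannot change the structure of the statement.
$sel = $pdo->prepare(
    'SELECT id, item_name FROM itemtable WHERE item_name = :item'
);
$sel->execute([':item' => $item]);
$rows = $sel->fetchAll(PDO::FETCH_ASSOC);

foreach ($rows as $row) {
    // HTML-escape only when printing into a page; this is where & matters.
    echo htmlspecialchars($row['item_name'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

Of the three characters in the post, only the apostrophe is special inside a quoted SQL string; & and # need no SQL escaping. With the old mysql_* functions used in the post, the equivalent fix is to pass the value through mysql_real_escape_string() before placing it between the quotes.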