Mysql database query - single quotes

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
ssand
Forum Commoner
Posts: 72
Joined: Sat Jun 22, 2002 9:25 pm
Location: Iowa

Mysql database query - single quotes

Post by ssand »

I have the following snipit for a query.

Code: Select all

WHERE `products`.`inv_type_name` = '$_GET['inv']'
Is it correct to use the $_GET['inv'] or will I be running into problems with the multiple single quotes?

Thanks
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Re: Mysql database query - single quotes

Post by s.dot »

ssand wrote:I have the following snipit for a query.

Code: Select all

WHERE `products`.`inv_type_name` = '$_GET['inv']'
Is it correct to use the $_GET['inv'] or will I be running into problems with the multiple single quotes?

Thanks
Concatenate.

Code: Select all

mysql_query("SELECT * FROM `table` WHERE `products`.`inv_type_name` = '" . $_GET['inv'] . "'");

Code: Select all

mysql_query("SELECT * FROM `table` WHERE `products`.`inv_type_name` = '{$_GET['inv']}'");
And, you should use some protection on your variables. Look into mysql_real_escape_string(), at least. And, I'm completely assuming you're using MySQL as your dbms.
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
ev0l
Forum Commoner
Posts: 56
Joined: Thu Jun 21, 2007 1:50 pm

Re: Mysql database query - single quotes

Post by ev0l »

scottayy wrote: I'm completely assuming you're using MySQL as your dbms.
He must be, the ` character is non-standard SQL only supported by MySQL .
ssand
Forum Commoner
Posts: 72
Joined: Sat Jun 22, 2002 9:25 pm
Location: Iowa

Post by ssand »

Thanks for the fast replies.


-
Post Reply