Page 1 of 1

Mysql database query - single quotes

Posted: Mon Oct 08, 2007 2:32 pm
by ssand
I have the following snipit for a query.

Code: Select all

WHERE `products`.`inv_type_name` = '$_GET['inv']'
Is it correct to use the $_GET['inv'] or will I be running into problems with the multiple single quotes?

Thanks

Re: Mysql database query - single quotes

Posted: Mon Oct 08, 2007 2:37 pm
by s.dot
ssand wrote:I have the following snipit for a query.

Code: Select all

WHERE `products`.`inv_type_name` = '$_GET['inv']'
Is it correct to use the $_GET['inv'] or will I be running into problems with the multiple single quotes?

Thanks
Concatenate.

Code: Select all

mysql_query("SELECT * FROM `table` WHERE `products`.`inv_type_name` = '" . $_GET['inv'] . "'");

Code: Select all

mysql_query("SELECT * FROM `table` WHERE `products`.`inv_type_name` = '{$_GET['inv']}'");
And, you should use some protection on your variables. Look into mysql_real_escape_string(), at least. And, I'm completely assuming you're using MySQL as your dbms.

Re: Mysql database query - single quotes

Posted: Mon Oct 08, 2007 2:49 pm
by ev0l
scottayy wrote: I'm completely assuming you're using MySQL as your dbms.
He must be, the ` character is non-standard SQL only supported by MySQL .

Posted: Mon Oct 08, 2007 3:03 pm
by ssand
Thanks for the fast replies.


-