Page 1 of 1
Mysql database query - single quotes
Posted: Mon Oct 08, 2007 2:32 pm
by ssand
I have the following snipit for a query.
Code: Select all
WHERE `products`.`inv_type_name` = '$_GET['inv']'
Is it correct to use the $_GET['inv'] or will I be running into problems with the multiple single quotes?
Thanks
Re: Mysql database query - single quotes
Posted: Mon Oct 08, 2007 2:37 pm
by s.dot
ssand wrote:I have the following snipit for a query.
Code: Select all
WHERE `products`.`inv_type_name` = '$_GET['inv']'
Is it correct to use the $_GET['inv'] or will I be running into problems with the multiple single quotes?
Thanks
Concatenate.
Code: Select all
mysql_query("SELECT * FROM `table` WHERE `products`.`inv_type_name` = '" . $_GET['inv'] . "'");
Code: Select all
mysql_query("SELECT * FROM `table` WHERE `products`.`inv_type_name` = '{$_GET['inv']}'");
And, you should use some protection on your variables. Look into
mysql_real_escape_string(), at least. And, I'm completely assuming you're using MySQL as your dbms.
Re: Mysql database query - single quotes
Posted: Mon Oct 08, 2007 2:49 pm
by ev0l
scottayy wrote: I'm completely assuming you're using MySQL as your dbms.
He must be, the ` character is non-standard SQL only supported by MySQL .
Posted: Mon Oct 08, 2007 3:03 pm
by ssand
Thanks for the fast replies.
-