I have a method of a class that uses PDO to search mysql database and it works but the problem is with apostrophe in a search string - it shows:
Syntax error or access violation: 1064.
When single or double quotes in the string the script works fine – no slashes and no errors. This is the case when the site is on local WAMPSERVER 2.1.
When I put the same site on a live server the characters (apostrophe, quotes) are escaped with slashes? Even if I use PDO?
Any ideas why?
Code: Select all
public static function searchstring($per_page=0, $pg_offset=0, $search=0){
global $database;
$sql = "SELECT * FROM tablename WHERE MATCH (fieldname) AGAINST (:searchstr IN BOOLEAN MODE) LIMIT {$per_page} OFFSET {$pg_offset}";
try {
$database->prepare($sql);
$database->bindParam(':searchstr', $search);
$database->execute();
$result_array = $database->fetch_array($sql);
return $result_array;
} catch (Exception $e) {
echo $e->getMessage();
}
}