Hello,
I have a bit of trouble with some SQL statements.
I want to let the users of my page write their own SQL queries.
So I use a "textarea" field. But the problem is, "select from people" works, but the trouble starts when you want to use ' (quotes).
select from table where name like '%test%'
where it gives a "query failed"...
Here's what I have:
on the html page:
<textarea rows=3 cols=35 name="sql">
(it sends its information to a PHP page)
on the php page:
echo "<br>sqlquery = ";
echo $sql;
echo "<br>";
$query=$sql;
$result=mysql_query($query)
or die("Query failed");
And then the code to view the results. (There's nothing wrong with the code that follows.)
So, with a simple statement (select from people) it works, but when I use quotes (select from people where name like '%oe%') I get the "query failed" message.
I know it's because it adds \ (backslashes) to the code (sqlquery = select * from people where name like \'%oe%\'),
but is it possible to make this work?
Thanks in advance
PF
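
An added example, not part of the original post: assuming the backslashes come from PHP's `magic_quotes_gpc` setting and the form is submitted by POST, this sketch undoes the escaping only when that setting is on, escapes the query before echoing it, and accepts a single SELECT run under a read-only account. The helper names, the `report_ro` account and the placeholder database are hypothetical.

```php
<?php
// Added example: targets PHP 5 or older (same era as the mysql_* calls in the
// post). Host, account and database names are placeholders.

// Return the submitted text exactly as the user typed it.
function raw_input_value($value)
{
    // magic_quotes_gpc runs addslashes() on GET/POST/cookie data, which turns
    // '%oe%' into \'%oe%\'. Undo it only when the setting is active.
    if (get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

// Accept one SELECT statement only. A ';' inside a string literal is also
// rejected, which is stricter than necessary but keeps the check simple.
function is_single_select($sql)
{
    $sql = trim($sql);
    if (!preg_match('/^select\b/i', $sql)) {
        return false;
    }
    if (strpos($sql, ';') !== false) {
        return false;
    }
    // Refuse SELECT ... INTO OUTFILE / DUMPFILE, which write to the server's disk.
    return !preg_match('/\binto\s+(outfile|dumpfile)\b/i', $sql);
}

$sql = raw_input_value(isset($_POST['sql']) ? $_POST['sql'] : '');

// The query text is user input, so escape it for HTML before echoing.
echo "<br>sqlquery = " . htmlspecialchars($sql, ENT_QUOTES) . "<br>";

if (!is_single_select($sql)) {
    die("Only a single SELECT statement is accepted");
}

// Placeholder account: grant it SELECT on the tables users may read and nothing
// else. The filter above is a convenience; the database grant is the boundary.
$link = mysql_connect('localhost', 'report_ro', 'PLACEHOLDER_PASSWORD')
    or die("Connect failed");
mysql_select_db('PLACEHOLDER_DB', $link) or die("Database not found");

$result = mysql_query($sql, $link)
    or die("Query failed: " . htmlspecialchars(mysql_error($link), ENT_QUOTES));
```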