[Resolved] Easy mysql problem

ExpendableDecoy

Hi there. 🙂

This is probably so simple but I can't see a good way of doing it...

Basically, the problem is when I have a variable which is a string and it has a ' in it.

When this variable is then used within a SQL select statement it fails because, I guess, the ' needs to be escaped somehow.

$db_name = "Paul's database"

$sql = " SELECT * FROM test_forum_db
		WHERE db_name = $db_name ";

Could anyone help me out on this?.

Thanks in advance. 🙂

onion2k

Actually, the apostrophe should be fine.. its the space thats killing it.. and fixing it means you'll need to modify the apostophe..

$db_name = "Paul\'s database";
$sql = " SELECT * FROM test_forum_db WHERE db_name = '$db_name' ";

ExpendableDecoy

The only problem with that is that in practice the variable won't have a hard coded string but will be a one of many posible results from another sql SELECT further up the file.

So would there be a function for this?.

onion2k

add_slashes()

Although, that said, you won't need to use that if magic quotes are switched on. Read this page to find out how to check on the fly in your script: http://uk2.php.net/manual/en/function.get-magic-quotes-gpc.php

Roger_Ramjet

Just a point, half of this stems from the abuse of names. Why use names with apostrophes and spaces in the first place?😕 All it does is force your to write extra code to deal with them every time. And not every db engine will like them. Make all your databases, tables, field names etc as general, code friendly and portable as possible.

ExpendableDecoy

Many thanks, that's sorted it. 🙂