Another question: could this be coming from the table I am comparing it to?
SELECT * FROM store_address WHERE address = '".$address."'
where $address is fine but the other table is causing the error. How do I strip that result as well?
I have this code in to try and strip single quotes out. But it does it to one but not the rest.
$address = str_replace("\\\///", "", $store['address']);
$address = str_replace("'", "", $address);
$address = str_replace("'", "\'", $address);
$address = addslashes($address);
$sql2 = "SELECT * FROM store_name WHERE name = '".$store['name']."'";
//$build_sql .= $sql2."<br>";
$result2 = mysql_query($sql2) or die(mysql_error());
$store_name = mysql_fetch_array($result2);
$sql3 = "SELECT * FROM store_address WHERE address = '".$address."'";
Any thoughts?
From: "John W. Holmes" <[EMAIL PROTECTED]>
Reply-To: <[EMAIL PROTECTED]>
To: "'Daniel McCullough'" <[EMAIL PROTECTED]>,<[EMAIL PROTECTED]>
Subject: RE: [PHP] strip single quotes
Date: Wed, 19 Mar 2003 21:49:10 -0500
Organization: U.S. Army
> I'm trying to query the database using a string pulled out of the database
> and compare and get the id. I can do it to a certain point and what kills
> my query is single quotes. I CANNOT figure out how to escape it.
>
> I DID THIS:
> $address2 = str_replace("'", "", $address);
>
> that worked on some, but not all.
> $address = stripslashes($store['address']);
> $address = str_replace("'", "", $address);
> $address = htmlspecialchars($address);
> $address = addslashes($address);
>
> anyone
>
> Some errors I have gotten back
> "You have an error in your SQL syntax near 's Linen & Home'' at line 1"
> and
> "You have an error in your SQL syntax near 's 800 number.'' at line 1"
You need to use addslashes() on any string you insert into your query.
---John W. Holmes...
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
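The two lookups from the thread, shown with string concatenation and then with bound parameters. This is an added example, not code from any message above; it assumes PDO with the pdo_sqlite extension and uses an in-memory database with constructed rows, whereas the thread's code uses the mysql_* functions against MySQL.

```php
<?php
// Added example. Assumption: pdo_sqlite is available; all rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE store (name TEXT, address TEXT)");
$pdo->exec("CREATE TABLE store_name (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("CREATE TABLE store_address (id INTEGER PRIMARY KEY, address TEXT)");

// Constructed values that contain single quotes.
$name = "Joe's Linen & Home";
$address = "12 O'Brien St";
$pdo->prepare("INSERT INTO store VALUES (?, ?)")->execute([$name, $address]);
$pdo->prepare("INSERT INTO store_name (name) VALUES (?)")->execute([$name]);
$pdo->prepare("INSERT INTO store_address (address) VALUES (?)")->execute([$address]);

// A value read back from the database is raw data again: escaping applied
// when it was inserted is not stored with it.
$store = $pdo->query("SELECT name, address FROM store")->fetch(PDO::FETCH_ASSOC);

// 1) Concatenation, as with $store['name'] in the posted code: the quote
//    inside the value closes the SQL string literal early.
try {
    $pdo->query("SELECT id FROM store_name WHERE name = '" . $store['name'] . "'");
    echo "concatenated query ran\n";
} catch (PDOException $e) {
    echo "concatenated query failed: " . $e->getMessage() . "\n";
}

// 2) Stripping the quote avoids the syntax error but changes the value, so
//    it is compared against a row that still contains the quote.
$byAddress = $pdo->prepare("SELECT id FROM store_address WHERE address = ?");
$byAddress->execute([str_replace("'", "", $store['address'])]);
echo "stripped address lookup: ";
var_dump($byAddress->fetchColumn());

// 3) Bound parameters: values are sent separately from the SQL text, so
//    quotes need neither stripping nor escaping.
$byName = $pdo->prepare("SELECT id FROM store_name WHERE name = ?");
$byName->execute([$store['name']]);
echo "bound name lookup: ";
var_dump($byName->fetchColumn());

$byAddress->execute([$store['address']]);
echo "bound address lookup: ";
var_dump($byAddress->fetchColumn());
```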