test
Reputation: 18198
mysql_real_escape_string and strip_slashes problems
I have $_POST in form through PHP into a MYSQL DB that have apostrophes like "O'Hara" and then I get slashes. I know that mysql_real_escape_string puts slashes to prevent things like that but how can I check a DB with a string that has apostrophes in it?
Example:
$name = mysql_real_escape_string(stripslashes($_POST['full_name']));
$check = mysql_query("SELECT * FROM `stadiums` WHERE `stadium_name` LIKE '%$name%' LIMIT 0, 10") or die(mysql_error());
Upvotes: 0
Views: 116
Answers (1)
air4x
Reputation: 5683
Try
$name = $_POST['full_name'];
if (get_magic_quotes_gpc()) {
$name = stripslashes($name);
}
$name = mysql_real_escape_string($name);
$check = mysql_query("SELECT * FROM `stadiums`
WHERE `stadium_name` LIKE '%$name%' LIMIT 0, 10") or die(mysql_error());
Use stripslashes on input only if magic quotes is enabled.
Upvotes: 1
Related Questions
- Why is my data not stripping properly with mysql_real_escape_string?
- mysql_real_escape_string() leaving slashes in MySQL
- mysql_real_escape_string & slashes
- Using stripslashes after mysql_real_escape_string
- Confusion about mysql_real_escape_string and strip_slashes
- PHP mysql_real_escape_string() -> stripslashes() leaving multiple slashes
- Stripping slashes from mysql_real_escape_string output in PHP
- Bug with mysql_real_escape_string and addslashes
- MySQL_real_escape_string not adding slashes?