WayneAH
10-05-2000, 03:19 PM
Question about apostrophes:
I have a table in a database where most entries intitially were loaded from a tab-delimited text file using mysqlimport. I modify those records or add new ones via Web=based forms.
Columns added via the original mysqlimport that contain apostrophes in one or more fields are not escaped by slashes when I view them via Telnet. But records modified or added using INSERT queries embedded in the Web-based forms require the addshashes function to insert successfully.
So now I have some records in my table containing slashed apostrophes and some containing naked apostrophes. If a user searches on "nic's" and that record has unslashed apostrophes - no problem. But if that record was one added via my form, the search comes up empty.
What the form is passing when a user doing a search types in an apostrophe is actually "%27", so the URL field in the action page looks like this if a user types in "nic's":
search.php3?search=nic%27s
So I tried to fix the problem with slashed-apostrophe records by creating a second variable with the slash added like this:
$searchslash=str_replace("\%27", "\\\%27", "$search");
Then I set the query to . . .
query= "SELECT company FROM mytable WHERE $company LIKE '$%search%' OR '$%searchslash%'";
Didn't work. Have also tried the expression with . . .
"%27" "\%27" and '\%27' '\\\%27'
Didn't work either.
Can anyone tell me how I can retrieve poor Nic regardless of whether he was imported or spawned from a form?
Thanks,
WayneAH
I have a table in a database where most entries intitially were loaded from a tab-delimited text file using mysqlimport. I modify those records or add new ones via Web=based forms.
Columns added via the original mysqlimport that contain apostrophes in one or more fields are not escaped by slashes when I view them via Telnet. But records modified or added using INSERT queries embedded in the Web-based forms require the addshashes function to insert successfully.
So now I have some records in my table containing slashed apostrophes and some containing naked apostrophes. If a user searches on "nic's" and that record has unslashed apostrophes - no problem. But if that record was one added via my form, the search comes up empty.
What the form is passing when a user doing a search types in an apostrophe is actually "%27", so the URL field in the action page looks like this if a user types in "nic's":
search.php3?search=nic%27s
So I tried to fix the problem with slashed-apostrophe records by creating a second variable with the slash added like this:
$searchslash=str_replace("\%27", "\\\%27", "$search");
Then I set the query to . . .
query= "SELECT company FROM mytable WHERE $company LIKE '$%search%' OR '$%searchslash%'";
Didn't work. Have also tried the expression with . . .
"%27" "\%27" and '\%27' '\\\%27'
Didn't work either.
Can anyone tell me how I can retrieve poor Nic regardless of whether he was imported or spawned from a form?
Thanks,
WayneAH