Solved

What's wrong with this Select statement

Posted on 2011-02-23
2
288 Views
Last Modified: 2012-05-11
I've run into a problem that I can't figure out.

My code is below. It works fine unless my event_category has an apostrophe in it. Then, while the code still fires, there won't be any data associated with that category. I can look in the database and see it, but it won't show up on my page.

What do I have to do in order to accommodate the apostrophe? For example, "Women's Ministry." There's something about "Women/'s Ministry" that's messing things up and I don't know what.

Thoughts?
<?php	
					$querystate = "select distinct event_category from calendar order by event_category";
					$resultstate = mysqli_query($cxn, $querystate)
					or die ("Couldn't execute query.");
				
					while ($row=mysqli_fetch_assoc($resultstate))
					{
					extract($row);
					$the_event_category = $event_category;
					?>
					<tr>
					<td colspan="3" bgcolor="blue">
					<font color="white"><?php echo stripslashes($the_event_category); ?></font>
					</td>
					</tr>
					<?php 						
					$bruce="select * from calendar where event_category = '$the_event_category' order by event_date";
					$bruce_query = mysqli_query($cxn, $bruce)
					or die("Couldn't execute query.");
					while($bruce_row = mysqli_fetch_assoc($bruce_query))
					{
					extract($bruce_row);
					?>
					<tr>
					<td>
					<?php echo date("m/d/y", strtotime($event_date)); ?>
					</td>
					<td>					
					<?php echo stripslashes($event_name); ?>
					</td>

Open in new window

0
Comment
Question by:brucegust
2 Comments
 
LVL 142

Accepted Solution

by:
Guy Hengel [angelIII / a3] earned 250 total points
ID: 34964831
change:
                              $bruce="select * from calendar where event_category = '$the_event_category' order by event_date";


into:

                              $bruce="select * from calendar where event_category = '" . mysql_real_escape_string($the_event_category) ."' order by event_date";
0
 
LVL 3

Assisted Solution

by:LFLFM
LFLFM earned 250 total points
ID: 34964864
use two apostrophe's together.. example:
'this Paul''s string'  becomes:  <  this is Paul's string  >
this is done by replacing ' for '' in your string..
OR better yet, use mysql_real_escape_string($the_event_category).. its MUCH safer, you should always use it

example;
<?php
$tmpstr = mysql_real_escape_string($the_event_category)
$bruce="select * from calendar where event_category = '$mpstr' order by event_date";
					$bruce_query = mysqli_query($cxn, $bruce)

Open in new window

0

Featured Post

3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Deprecated and Headed for the Dustbin By now, you have probably heard that some PHP features, while convenient, can also cause PHP security problems.  This article discusses one of those, called register_globals.  It is a thing you do not want.  …
Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question