brendan-amex
asked on
MySQL Query Using Quotes and Apostrophes
So I posted earlier and got help on running update and insert queries, but now I have a different problem. I want to know what the best way is to run a select query based on an input field.
So for example, I have a field which posts to a page and is included in the WHERE statement: "SELECT * FROM table WHERE UserID=$userID AND Field1='$input'
The $input variable is the field the user enters on the prior page. But if I use an apostrophe, it errors out. How can I do this??
Also..... Quotes work, but I really don't care about that. I'd rather be able to use an apostrophe if I had to choose...
So for example, I have a field which posts to a page and is included in the WHERE statement: "SELECT * FROM table WHERE UserID=$userID AND Field1='$input'
The $input variable is the field the user enters on the prior page. But if I use an apostrophe, it errors out. How can I do this??
Also..... Quotes work, but I really don't care about that. I'd rather be able to use an apostrophe if I had to choose...
You will want to use the php function mysql_real_escape_string() to sanitize the data for your query.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I like both answers. Thank you