Solved

SQL Issue

Posted on 2014-03-03
3
246 Views
Last Modified: 2014-03-03
What is wrong with this query?

SELECT * from subcat_docs where prim = 'Polywrap' and category = '20' Perforations' and subcategory = 'Black 200/400''

When I run this phpMyadmin, it says error in the syntax near "where catag".

The attached shows the table structure.

Thanks
subcat-docs-str.jpg
0
Comment
Question by:Richard Korts
3 Comments
 
LVL 18

Accepted Solution

by:
Matthew Kelly earned 250 total points
ID: 39902009
Can you post the exact phpMyAdmin message?

I just made that table, and ran that query (copy and pasted) the below, and it ran without error.

SELECT * from subcat_docs where prim = 'Polywrap' and category = '20' Perforations' and subcategory = 'Black 200/400''

Open in new window

0
 

Author Comment

by:Richard Korts
ID: 39902105
That's crazy; I just ran it again, no error.

Can you tell we how to escape the data (from a MySQL point of view)  if there are ' in the data itself?

Thanks
0
 
LVL 35

Assisted Solution

by:Terry Woods
Terry Woods earned 250 total points
ID: 39902108
Just add a backslash before it eg
where word = 'can\'t'

Open in new window

You can often avoid escaping by using double quotes too.

When you're writing code to perform queries with user supplied data, you need to have foolproof methods to ensure any special characters get properly escaped, or your software can become vulnerable to SQL injection attack. Let me know if you want more information on this (it's language dependent).
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
PHP loop not working 4 71
mysql joining from the same table 6 47
MySQL Memory Keeps Increasing 4 47
Inserting data into database 10 34
Foreword In the years since this article was written, numerous hacking attacks have targeted password-protected web sites.  The storage of client passwords has become a subject of much discussion, some of it useful and some of it misguided.  Of cou…
I use MySQL for many of my development projects in a Windows environment. To manage my databases (and perform queries) for years I used a tool called MySQL administrator.  This tool has since been replaced by MySQL Workbench. So I decided to m…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question