SQL Issue

Richard Korts
Richard Korts used Ask the Experts™
on
What is wrong with this query?

SELECT * from subcat_docs where prim = 'Polywrap' and category = '20' Perforations' and subcategory = 'Black 200/400''

When I run this phpMyadmin, it says error in the syntax near "where catag".

The attached shows the table structure.

Thanks
subcat-docs-str.jpg
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Can you post the exact phpMyAdmin message?

I just made that table, and ran that query (copy and pasted) the below, and it ran without error.

SELECT * from subcat_docs where prim = 'Polywrap' and category = '20' Perforations' and subcategory = 'Black 200/400''

Open in new window

Richard KortsBusiness Owner / Chief Developer

Author

Commented:
That's crazy; I just ran it again, no error.

Can you tell we how to escape the data (from a MySQL point of view)  if there are ' in the data itself?

Thanks
Terry WoodsIT Guru
Most Valuable Expert 2011
Commented:
Just add a backslash before it eg
where word = 'can\'t'

Open in new window

You can often avoid escaping by using double quotes too.

When you're writing code to perform queries with user supplied data, you need to have foolproof methods to ensure any special characters get properly escaped, or your software can become vulnerable to SQL injection attack. Let me know if you want more information on this (it's language dependent).

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial