List:       php-general
Subject:    Re: [PHP] Syntax for select statement
From:       Jason Stechschulte <jpstech () unoh ! edu>
Date:       2001-04-30 19:44:33

On Fri, Apr 27, 2001 at 11:56:08AM -0400, Don Pro wrote:
> $queryID = mysql_query("SELECT Country, Agent FROM Ports
>                                         WHERE Portname = '$portname'");
> 
> My question is, if the variable $portname has the ' character within it,
> will this cause an error in my select statement?  If the answer is
> "Yes", can someone give me a more robust way of writing it using PHP?

Yes.  You could try this:
$queryID = mysql_query("SELECT Country, Agent FROM Ports
                     WHERE Portname='".addslashes($portname)."'");
-- 
Jason Stechschulte
jpstech@unoh.edu
--
Suppose you're working on an optimizer to render \X unnecessary (or
rather, redundant, which isn't the same thing in my book).
             -- Larry Wall in <199710211624.JAA17833@wall.org>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: php-general-unsubscribe@lists.php.net
For additional commands, e-mail: php-general-help@lists.php.net
To contact the list administrators, e-mail: php-list-admin@lists.php.net
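
Added example (not part of the original message or the PHP project's code): the same lookup written with a bound parameter through PDO, so an apostrophe in $portname stays data and never becomes part of the SQL text. It assumes PHP with the pdo_sqlite extension, and uses an in-memory SQLite database with constructed rows in place of the thread's MySQL table; findPort() is a hypothetical helper name.

```php
<?php
// Assumption: pdo_sqlite is available. Table and column names follow the thread;
// the rows below are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE Ports (Portname TEXT, Country TEXT, Agent TEXT)");

$insert = $db->prepare("INSERT INTO Ports (Portname, Country, Agent) VALUES (?, ?, ?)");
$insert->execute(["St. John's", "Canada", "Example Agent A"]);
$insert->execute(["Halifax", "Canada", "Example Agent B"]);

// Hypothetical helper: the value travels separately from the statement text,
// so no quoting or escaping function is applied to it.
function findPort(PDO $db, string $portname): array
{
    $stmt = $db->prepare("SELECT Country, Agent FROM Ports WHERE Portname = ?");
    $stmt->execute([$portname]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Runs a query built by string concatenation and reports whether it parsed.
function tryInterpolated(PDO $db, string $label, string $value): void
{
    try {
        $rows = $db->query(
            "SELECT Country, Agent FROM Ports WHERE Portname = '$value'"
        )->fetchAll(PDO::FETCH_ASSOC);
        echo "$label: ran, ", count($rows), " row(s)\n";
    } catch (PDOException $e) {
        echo "$label: failed (", $e->getMessage(), ")\n";
    }
}

$portname = "St. John's";

// The raw apostrophe closes the string literal early and the statement breaks.
tryInterpolated($db, "interpolated, raw", $portname);

// addslashes() emits backslash escaping. MySQL accepts that by default, but it
// is not a universal SQL quoting rule: SQLite doubles the quote instead.
tryInterpolated($db, "interpolated, addslashes", addslashes($portname));

// The bound parameter works regardless of the database's quoting rules.
foreach (findPort($db, $portname) as $row) {
    echo "bound parameter: {$row['Country']}, {$row['Agent']}\n";
}
```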
