0

I wasn't exactly sure how to word this, but essentially what I need is so when I send a SELECT query in MySQL, it doesn't pay attention to the escape character ( \ ) in the search. For example, if the name I am searching for is foo'bar and I send foo\'bar to the server, is there a way to make the server find foo'bar? This is the MySQL query currently:

function escape_data($data) {
    $data = mysql_escape_string(trim($data));
    $data = strip_tags($data);
    return $data;
}

$champ1 = escape_data($_GET['champ1']);

foreach ($db->query("SELECT * FROM champs WHERE name = '$champ1'") as $row) {
    $role_verify_1 = $row[$role];
}

The only way I can get foo'bar to return is if I change it to foo\'bar in the MySQL database, and I would like not to if it is possible.

4
  • Might want to fix your typo Commented Apr 9, 2014 at 13:20
  • 1
    Are you previously calling addslashes() or using the long-since-deprecated-please-don't-use-in-modern-code magic_quotes_gpc? Commented Apr 9, 2014 at 13:21
  • stripslashes() can be applied before mysql_real_escape_string() but it would be better to fix your data source... Commented Apr 9, 2014 at 13:22
  • Switching to prepared statements is probably the best choice but my opinion is not valid so carry on. Commented Apr 9, 2014 at 13:34

2 Answers

1

The function you want is stripslashes before mysql_real_escape_string, however your real concern should be where the slashes are actually coming from - it looks like you might have magic quotes turned on. This is deprecated - check the link for instructions on disabling it.


0

The syntax in PHP requires that.

For example:

   name = '$champ1'

Here you have a variable in ' tags. But that variable includes a ' inside, like foo'bar, so it turns into this:

   name = 'foo'bar'

As you see, PHP can't understand what is going on there. So it needs to clear that problem by adding a \ before the '. And the inserted item will have slashes before apostrophes.

As a solution you can delete the backslashes before you echo the variable.

$theVariable = str_replace("\\", "", $theVariable);

Or you can use PHP's upper version's functions, like stripslashes(), before you insert your data.

Good luck.
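The prepared-statement route suggested in the comments, combined with the first answer's point about undoing slashes at their source, as an added example that is not code from the question or either answer. It assumes PDO with the pdo_sqlite driver, uses sqlite::memory: as a stand-in for the MySQL connection so it runs offline, and the helper names request_value() and find_champs() and the sample row are hypothetical.

```php
<?php
// Added example: sqlite::memory: stands in for the MySQL connection (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE champs (name TEXT, role TEXT)");

// Constructed sample row: the stored name holds a bare apostrophe, no backslash.
$db->prepare("INSERT INTO champs (name, role) VALUES (?, ?)")
   ->execute(["foo'bar", "support"]);

// Hypothetical helper: undo magic-quotes slashes once, at the input boundary.
// get_magic_quotes_gpc() was removed in PHP 8, so only old runtimes can have it on.
function request_value(string $raw): string
{
    $magic = function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
    return trim($magic ? stripslashes($raw) : $raw);
}

// Hypothetical helper: the value travels as a bound parameter, so it is never
// spliced into the SQL text and needs no escaping function at all.
function find_champs(PDO $db, string $name): array
{
    $stmt = $db->prepare("SELECT name, role FROM champs WHERE name = :name");
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The raw value binds as-is and is compared against the stored name.
$clean = request_value("foo'bar");
var_dump(count(find_champs($db, $clean)));

// A value that already carries a backslash (what magic quotes or addslashes()
// would hand the script) is compared literally, backslash included.
$slashed = "foo\\'bar";
var_dump(count(find_champs($db, $slashed)));

// Removing the extra slash before binding restores the original name.
var_dump(count(find_champs($db, stripslashes($slashed))));
```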
