On 09 Aug 2011 at 13:30, Chris Stinemetz <chrisstinemetz@xxxxxxxxx> wrote:
> Not sure if I am doing it right. It looks like the last single quote
> is being escaped.
>
> When I dump the query I get:
>
> SELECT store_id, store_subject FROM stores WHERE store_subject =
> 'Bella Roe 4980 Roe Blvd\'
>
>
> I am thinking maybe I have too many single quotes some where, but I
> can't find it.
>
> echo '<h4><a href="store.php?id=' . $storerow['store_subject'] . '">'
> .. $storerow['store_subject'] . '</a></h4> at ' . date('m-d-Y',
> strtotime($storerow['store_date']));
>
>
> The query:
>
> $sql = "SELECT store_id, store_subject
> FROM stores
> WHERE store_subject = '" . mysql_real_escape_string($_GET['id']."'");
Why don't you:
1) Make this a single line instead of splitting it over three. No need to do that.
2) Having created $sql, echo it out. That way you could see whether it's correct or not.
Doing (1) and (2) will make it a damn sight easier to see what you are *actually* creating.
--
Cheers -- Tim
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
