Re: Select Value with 's

hi

think you should use ' when you create the query and " in the SQL-statement
for comparison:

$qry = 'SELECT *
FROM customer
WHERE customer.customer LIKE "'.$FF.'"';

_ma 

# life would be easier if i knew the source code...

> From: "Aleks @ USA.net" <Aleks.k@xxxxxxx>
> Date: Wed, 5 Nov 2003 13:52:51 -0500
> To: "'CPT John W. Holmes'" <holmes072000@xxxxxxxxxxx>, "'ma'"
> <grillen@xxxxxxxxxxxxxx>, "'PHP-DB'" <php-db@xxxxxxxxxxxxx>
> Subject: RE:  Select Value with 's
> 
> Thanks John for the answer.... But...
> 
> Now my select statement on the Result.php page errors out when
> the value has the ['] in it..... What the select statement looks like now
> is
> 
> Select *
> From customer
> Where customer.customer LIKE 'St Mary's Hospital'
> 
> Error message is
> 
> Warning mysql_fetch_array(): supplied argument is not a valid MySQL result
> 
> 
> 
> 
> 
> -----Original Message-----
> From: CPT John W. Holmes [mailto:holmes072000@xxxxxxxxxxx]
> Sent: Wednesday, November 05, 2003 1:45 PM
> To: Aleks @ USA.net; 'ma'; 'PHP-DB'
> Subject: Re:  Select Value with 's
> 
> From: "Aleks @ USA.net" <Aleks.k@xxxxxxx>
>> First I build my select list:
>> 
>>     <SELECT NAME="Cid" size="1">
>>     <OPTION Selected VALUE="">All Customers</OPTION>
>> 
>> <?
>>  While ($Site = mysql_fetch_array($S))  {
>>   $Sid = $Site["CID"];
>>   $SName = htmlspecialchars($Site["Customer"]);
>>   echo("<option value='$SName'>$SName</option>\n");
> 
> Easy fix: echo("<option value=\"$SName\">$SName</option>\n");
> 
> Long version:
> 
> htmlspecialchars() does not change single quotes unless you pass ENT_QUOTES
> as the second parameter. What you're ending up with is a value such as:
> 
> value='St. Mary's'
> 
> which HTML will interpret as a value of "St. Mary" and an unknown s'
> attribute. So,
> 
> $SName = htmlspecialchars($Site["Customer"], ENT_QUOTES);
> echo("<option value='$SName'>$SName</option>\n");
> 
> will convert single quotes to HTML entities and not affect the value.
> 
> The "easy fix" above works because it uses double quotes around the value
> and htmlspecialchars() already changes double quotes by default.
> 
> ---John Holmes...
> 

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
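
The two quoting layers discussed in this thread, shown together as an added example that is not code from any of the posters: the option value is entity-encoded with ENT_QUOTES on the form page, and the submitted name is bound as a query parameter on the result page instead of being concatenated into the SQL string. Assumptions: PDO with an in-memory SQLite database stands in for the thread's MySQL connection so the script runs offline, the rows and submitted values are constructed, and `render_options()` and `find_customers()` are hypothetical helper names.

```php
<?php
// Added example: table and column names follow the thread; the rows are constructed.
// Assumption: PDO with the pdo_sqlite driver stands in for the thread's MySQL connection.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customer (CID INTEGER PRIMARY KEY, customer TEXT)');

$insert = $db->prepare('INSERT INTO customer (customer) VALUES (?)');
foreach (["St Mary's Hospital", 'Acme "West" Clinic', 'General Hospital'] as $name) {
    $insert->execute([$name]);
}

// Form page: encode both quote styles so the value survives either attribute delimiter.
function render_options(PDO $db): string
{
    $html = '<option selected value="">All Customers</option>' . "\n";
    foreach ($db->query('SELECT customer FROM customer ORDER BY customer') as $row) {
        $name = htmlspecialchars($row['customer'], ENT_QUOTES, 'UTF-8');
        $html .= "<option value=\"$name\">$name</option>\n";
    }
    return $html;
}

// Result page: the submitted value is bound as a parameter, never spliced into the SQL text.
function find_customers(PDO $db, string $submitted): array
{
    $stmt = $db->prepare(
        'SELECT CID, customer FROM customer WHERE customer.customer LIKE :name'
    );
    $stmt->execute([':name' => $submitted]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

echo render_options($db);

// Constructed inputs: what the browser posts back after decoding the entities,
// plus one value containing quote characters and SQL keywords.
foreach (["St Mary's Hospital", 'Acme "West" Clinic', "x' OR '1'='1"] as $submitted) {
    $rows = find_customers($db, $submitted);
    printf("%-22s -> %d row(s)\n", $submitted, count($rows));
}
```

Because the comparison uses LIKE, any `%` or `_` inside a bound value still acts as a wildcard; use `=` when an exact match is wanted.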

