On 13/08/10 13:26, Ron Piggott wrote:
> If the variable $segment has an ' in it the $query won't work because of having 3 ' 's. Should I be using: $segment = mysql_real_escape_string($segment); before querying the database?
Use it in your query. Don't use it anywhere else. Your code may use it after the query and cause weird stuff, ala:

$segment = 'this is my segment';
$segment = mysql_real_escape_string($segment);
$query = ....;
echo 'My segment name is ' . htmlspecialchars($segment);

So it'll become:

$query="SELECT `reference` FROM `bible_concordance_words` WHERE `word` = '" . mysql_real_escape_string($segment) . "' LIMIT 1";

> Please note: $segment wasn't submitted through a form.
Doesn't matter.

-- 
Postgresql & php tutorials
http://www.designmagick.com/
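
An added example, not part of the original message: a value containing an apostrophe that never passed through a form, looked up three ways while $segment itself stays unmodified for later output. It assumes PDO with the pdo_sqlite driver and uses an in-memory SQLite database in place of MySQL and the mysql_* functions so it runs without a server; the table name is from the thread, and the row, the reference value and the function names are constructed for illustration.

```php
<?php
// Added example: in-memory SQLite via PDO stands in for the MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE bible_concordance_words (word TEXT, reference TEXT)');
$pdo->exec("INSERT INTO bible_concordance_words VALUES ('shepherd''s', 'constructed-ref-1')");

// Constructed value that did not come from a form (e.g. read from a file).
$segment = "shepherd's";

// 1. Unescaped concatenation: the apostrophe ends the string literal early.
function lookupUnescaped(PDO $pdo, string $segment): ?string
{
    $sql = "SELECT reference FROM bible_concordance_words WHERE word = '" . $segment . "' LIMIT 1";
    try {
        $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
        return $row ? $row['reference'] : null;
    } catch (PDOException $e) {
        return 'SQL error: ' . $e->getMessage();
    }
}

// 2. Escaping applied only inside the query expression; $segment is not reassigned.
function lookupQuotedInline(PDO $pdo, string $segment): ?string
{
    // PDO::quote() escapes the value and adds the surrounding quotes.
    $sql = 'SELECT reference FROM bible_concordance_words WHERE word = ' . $pdo->quote($segment) . ' LIMIT 1';
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['reference'] : null;
}

// 3. Bound parameter: the value never becomes part of the SQL text.
function lookupPrepared(PDO $pdo, string $segment): ?string
{
    $stmt = $pdo->prepare('SELECT reference FROM bible_concordance_words WHERE word = ? LIMIT 1');
    $stmt->execute([$segment]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['reference'] : null;
}

echo 'unescaped: ', lookupUnescaped($pdo, $segment), "\n";
echo 'quoted:    ', lookupQuotedInline($pdo, $segment), "\n";
echo 'prepared:  ', lookupPrepared($pdo, $segment), "\n";

// Display uses the original value; the overwritten copy carries SQL escaping into the page.
echo 'original for display:    ', htmlspecialchars($segment), "\n";
$overwritten = $pdo->quote($segment);
echo 'overwritten for display: ', htmlspecialchars($overwritten), "\n";
```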