mysql_real_escape_string and search data in mySql DB
Posted
by
ryrysz
on Stack Overflow
See other posts from Stack Overflow
or by ryrysz
Published on 2013-10-22T15:37:55Z
Indexed on
2013/10/22
15:54 UTC
Read the original article
Hit count: 212
I have problem with php function : mysql_real_escape_string
My test string:
@,&!#$%^*()_+' "\/
I add this data to mySql database, like that (in short):
$str = mysql_real_escape_string($str); $sql = "INSERT INTO table(company) VALUES('".$str. "')";
In DB is stored as:
@,&!#$%^*()_+\' \"\\/
But problem is with find this data by SELECT statement.
I want find, company where name is like
' "
My SELECT's:
SELECT; not working.company
FROMtable
WHEREcompany
LIKE '%\' "%'; SELECTcompany
FROMtable
WHEREcompany
LIKE '%\\' \\"%';
This works:
SELECT `company` FROM `table` WHERE `company` LIKE '%\\\' \\\\"%'; and SELECT `company` FROM `table` WHERE `company` LIKE '%\\\\\\\' \\\\\\\"%'
But I dont know why this work :(.
My questions are:
why must add so many slashes ?
how I can make correct query in PHP:
$query = '\' "'; '%'.mysql_real_escape_string($query).'%' result is : '%\' \"%' '%'.mysql_real_escape_string(mysql_real_escape_string($query)).'%' result is : '%\\\' \\\"%' '%'.mysql_real_escape_string(mysql_real_escape_string(mysql_real_escape_string($query))).'%' result is : '%\\\\\\\' \\\\\\\"%'
Only last one works good.
© Stack Overflow or respective owner