mysql_real_escape_string and search data in mySql DB

Posted by ryrysz on Stack Overflow See other posts from Stack Overflow or by ryrysz
Published on 2013-10-22T15:37:55Z Indexed on 2013/10/22 15:54 UTC
Read the original article Hit count: 212

Filed under:
|
|

I have problem with php function : mysql_real_escape_string

My test string:


    @,&!#$%^*()_+' "\/

I add this data to mySql database, like that (in short):


    $str = mysql_real_escape_string($str);

    $sql = "INSERT INTO table(company) VALUES('".$str. "')";

In DB is stored as:


    @,&!#$%^*()_+\' \"\\/

But problem is with find this data by SELECT statement.

I want find, company where name is like


    ' "

My SELECT's:

    SELECT company FROM table WHERE company LIKE '%\' "%';
    SELECT company FROM table WHERE company LIKE '%\\' \\"%';
; not working.

This works:


    SELECT `company` FROM `table` WHERE `company` LIKE '%\\\' \\\\"%';

    and

    SELECT `company` FROM `table` WHERE `company` LIKE  '%\\\\\\\' \\\\\\\"%'

But I dont know why this work :(.

My questions are:

  • why must add so many slashes ?

  • how I can make correct query in PHP:


    $query = '\' "';
    '%'.mysql_real_escape_string($query).'%' 
    result is : '%\' \"%'

    '%'.mysql_real_escape_string(mysql_real_escape_string($query)).'%'
    result is : '%\\\' \\\"%'

    '%'.mysql_real_escape_string(mysql_real_escape_string(mysql_real_escape_string($query))).'%' 
    result is : '%\\\\\\\' \\\\\\\"%'

Only last one works good.

© Stack Overflow or respective owner

Related posts about php

Related posts about mysql