mysql_real_escape_string and searching data in a MySQL DB
- by ryrysz
I have a problem with the PHP function mysql_real_escape_string.
My test string:
@,&!#$%^*()_+' "\/
I add this data to a MySQL database like this (in short):
$str = mysql_real_escape_string($str);
$sql = "INSERT INTO table(company) VALUES('".$str. "')";
In the DB it is stored as:
@,&!#$%^*()_+\' \"\\/
But the problem is with finding this data with a SELECT statement.
I want to find a company whose name is like
' "
My SELECTs:
SELECT company FROM table WHERE company LIKE '%\' "%';
SELECT company FROM table WHERE company LIKE '%\\' \\"%';
;
are not working.
This works:
SELECT `company` FROM `table` WHERE `company` LIKE '%\\\' \\\\"%';
and
SELECT `company` FROM `table` WHERE `company` LIKE '%\\\\\\\' \\\\\\\"%'
But I don't know why this works :(.
My questions are:
Why must I add so many slashes?
How can I make a correct query in PHP:
$query = '\' "';
'%'.mysql_real_escape_string($query).'%'
result is: '%\' \"%'
'%'.mysql_real_escape_string(mysql_real_escape_string($query)).'%'
result is: '%\\\' \\\"%'
'%'.mysql_real_escape_string(mysql_real_escape_string(mysql_real_escape_string($query))).'%'
result is: '%\\\\\\\' \\\\\\\"%'
Only the last one works.
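
Added example, not part of the original post: a small Python model of the two passes MySQL applies to an inline LIKE pattern with default settings (string-literal decoding, then LIKE's own backslash escape), run on the stored value and the queries quoted above. All function names are made up for this sketch, and like_bound_matches assumes the pattern is sent as a bound parameter, which skips the first pass.

```python
import re

# Added model of MySQL defaults (NO_BACKSLASH_ESCAPES off); not MySQL source code.
ESCAPES = {"n": "\n", "t": "\t", "r": "\r", "0": "\0", "b": "\b", "Z": "\x1a"}

def parse_string_literal(body):
    """Pass 1: decode the text between the outer quotes of a '...' SQL literal."""
    out, i = [], 0
    while i < len(body):
        c, nxt = body[i], body[i + 1:i + 2]
        if c == "'" and nxt != "'":
            raise ValueError("unescaped quote ends the literal early")
        if c == "\\" and nxt:
            # \% and \_ keep their backslash so the LIKE pass still sees it
            out.append(c + nxt if nxt in "%_" else ESCAPES.get(nxt, nxt))
        else:
            out.append(c)  # plain character, doubled quote, or trailing backslash
        i += 2 if (c in "\\'" and nxt) else 1
    return "".join(out)

def like_to_regex(pattern):
    """Pass 2: LIKE treats backslash as its own escape character."""
    out, i = [], 0
    while i < len(pattern):
        c = pattern[i]
        esc = c == "\\" and i + 1 < len(pattern)
        out.append(re.escape(pattern[i + 1]) if esc else {"%": ".*", "_": "."}.get(c, re.escape(c)))
        i += 2 if esc else 1
    return re.compile("".join(out), re.S)

def like_literal_matches(stored, body):
    """WHERE stored LIKE '<body>' with the pattern written inline in the SQL text."""
    return like_to_regex(parse_string_literal(body)).fullmatch(stored) is not None

def escape_like(term):
    """Escape only what LIKE itself interprets; for patterns sent as bound parameters."""
    return re.sub(r"([\\%_])", r"\\\1", term)

def like_bound_matches(stored, term):
    """WHERE stored LIKE ? with '%term%' bound: no literal parsing, only pass 2."""
    return like_to_regex("%" + escape_like(term) + "%").fullmatch(stored) is not None

STORED = r'''@,&!#$%^*()_+\' \"\\/'''  # value the post says is in the table

if __name__ == "__main__":
    for body in (r'''%\' "%''', r'''%\\\' \\\\"%''', r'''%\\\\\\\' \\\\\\\"%'''):
        print(body, "->", like_literal_matches(STORED, body))
    print("bound:", like_bound_matches(STORED, r'''\' \"'''))
```

In this model each literal backslash in the row costs four backslashes in an inline pattern (halved once per pass), while a bound parameter only needs the LIKE-level escaping done by escape_like.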