Thursday, January 25, 2018

php - mysql_real_escape_string and search data in mySql DB

I have problem with php function : mysql_real_escape_string



My test string:






    @,&!#$%^*()_+' "\/



I add this data to mySql database, like that (in short):





    $str = mysql_real_escape_string($str);


    $sql = "INSERT INTO table(company) VALUES('".$str. "')";



In DB is stored as:





    @,&!#$%^*()_+\' \"\\/




But problem is with find this data by SELECT statement.



I want find, company where name is like 





    ' "




My SELECT's:


    SELECT company FROM table WHERE company LIKE '%\' "%';
    SELECT company FROM table WHERE company LIKE '%\\' \\"%';
;
not working.

This works:






    SELECT `company` FROM `table` WHERE `company` LIKE '%\\\' \\\\"%';

    and

    SELECT `company` FROM `table` WHERE `company` LIKE  '%\\\\\\\' \\\\\\\"%'




But I dont know why this work :(.



My questions are:




  • why must add so many slashes ?


  • how I can make correct query in PHP:







    $query = '\' "';
    '%'.mysql_real_escape_string($query).'%' 
    result is : '%\' \"%'

    '%'.mysql_real_escape_string(mysql_real_escape_string($query)).'%'
    result is : '%\\\' \\\"%'

    '%'.mysql_real_escape_string(mysql_real_escape_string(mysql_real_escape_string($query))).'%' 

    result is : '%\\\\\\\' \\\\\\\"%'


Only last one works good.

-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

plot explanation - Why did Peaches' mom hang on the tree? - Movies & TV

In the middle of the movie Ice Age: Continental Drift Peaches' mom asked Peaches to go to sleep. Then, she hung on the tree. This parti...