Thursday, 25 January 2018

php - mysql_real_escape_string and search data in mySql DB

I have problem with php function : mysql_real_escape_string



My test string:






@,&!#$%^*()_+' "\/



I add this data to mySql database, like that (in short):





$str = mysql_real_escape_string($str);


$sql = "INSERT INTO table(company) VALUES('".$str. "')";



In DB is stored as:





@,&!#$%^*()_+\' \"\\/




But problem is with find this data by SELECT statement.



I want find, company where name is like





' "




My SELECT's:


SELECT company FROM table WHERE company LIKE '%\' "%';
SELECT company FROM table WHERE company LIKE '%\\' \\"%';
;
not working.

This works:






SELECT `company` FROM `table` WHERE `company` LIKE '%\\\' \\\\"%';

and

SELECT `company` FROM `table` WHERE `company` LIKE '%\\\\\\\' \\\\\\\"%'




But I dont know why this work :(.



My questions are:




  • why must add so many slashes ?


  • how I can make correct query in PHP:







$query = '\' "';
'%'.mysql_real_escape_string($query).'%'
result is : '%\' \"%'

'%'.mysql_real_escape_string(mysql_real_escape_string($query)).'%'
result is : '%\\\' \\\"%'

'%'.mysql_real_escape_string(mysql_real_escape_string(mysql_real_escape_string($query))).'%'

result is : '%\\\\\\\' \\\\\\\"%'


Only last one works good.

No comments:

Post a Comment

casting - Why wasn't Tobey Maguire in The Amazing Spider-Man? - Movies & TV

In the Spider-Man franchise, Tobey Maguire is an outstanding performer as a Spider-Man and also reprised his role in the sequels Spider-Man...