Search form returns an error when entering an apostrophe


mattc_uk

The dreadful apostrophe problem... This search form returns an error whenever searching with an apostrophe (')

 

Here's the code on the form (html)

 

<td align="center" width="135"><form method="post" action="srch_advert.php"><input type=text name='search' size=15 maxlength=255><br><input type=submit></form></td>

<td align="center" width="135"><form method="post" action="srch_details.php"><input type=text name='search' size=15 maxlength=255><br><input type=submit></form></td>

<td align="center" width="135"><form method="post" action="srch_artist.php"><input type=text name='search' size=15 maxlength=255><br><input type=submit></form></td>

<td align="center" width="135"><form method="post" action="srch_track.php"><input type=text name='search' size=15 maxlength=255><br><input type=submit></form></td>

 

 

and here's the code on srch_advert.php

 

if ($search)  // perform search only if a string was entered.
  {
    mysql_connect($host, $user, $pass) or die ("Problem connecting to Database");

    $srch="%".$search."%";

    $query = "select * from tvads WHERE advert LIKE '$srch' ORDER BY advert, year DESC, details ASC LIMIT 0,30";

    $result = mysql_db_query("cookuk_pn", $query);
    if(mysql_num_rows($result)==0) {
        print "<h2>Your search returned 0 Results</h2>";
    }
    else if  ($result)
    {

 

 

Always use the function mysql_real_escape_string() on any user input in mysql queries:

<?php
$srch="%".mysql_real_escape_string($search)."%";
$query = "select * from tvads WHERE advert LIKE '$srch' ORDER BY advert, year DESC, details ASC LIMIT 0,30"; 
?>

 

BTW, please when entering code in this forum, please surround your code with


tags.

 

Ken
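The same search written with a bound parameter instead of string escaping, as an added example that is not part of the original thread or either poster's code. It goes one step beyond the reply by also neutralising the LIKE wildcards `%` and `_`, which quote escaping leaves active. Assumptions: PDO with the pdo_sqlite driver, an in-memory SQLite table standing in for the MySQL `tvads` table, constructed sample rows, and hypothetical helper names `like_literal()` and `search_adverts()`.

```php
<?php
declare(strict_types=1);

// Make LIKE metacharacters literal. '!' is an arbitrary escape character
// chosen for this example; it must match the ESCAPE clause in the query.
function like_literal(string $term): string
{
    return strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']);
}

// The search term is sent as a bound value, never spliced into the SQL text,
// so an apostrophe cannot end the string literal or alter the statement.
function search_adverts(PDO $db, string $search): array
{
    $sql = "SELECT advert, year, details FROM tvads
            WHERE advert LIKE :pattern ESCAPE '!'
            ORDER BY advert, year DESC, details ASC LIMIT 30";
    $stmt = $db->prepare($sql);
    $stmt->execute([':pattern' => '%' . like_literal($search) . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed test data; for MySQL only the DSN and credentials change.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE tvads (advert TEXT, year INTEGER, details TEXT)");
$insert = $db->prepare("INSERT INTO tvads VALUES (?, ?, ?)");
foreach ([
    ["Levi's", 1991, 'Launderette'],
    ['Guinness', 1999, 'Surfer'],
    ['100% Cotton', 2001, 'constructed row'],
] as $row) {
    $insert->execute($row);
}

// An apostrophe, a bare wildcard, and a classic injection string:
// each is treated as plain text to search for.
foreach (["Levi's", "%", "' OR '1'='1"] as $term) {
    $rows = search_adverts($db, $term);
    printf("%-14s => %d row(s)\n", $term, count($rows));
}
```

Without `like_literal()`, a search for `%` alone would match every advert rather than only the one containing a percent sign.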

Archived

This topic is now archived and is closed to further replies.
