mattc_uk Posted March 8, 2011 Share Posted March 8, 2011 The dreadful apostrophie problem... This search form returns an error whenever searching with an apostrophie (') Here's the code on the form (html) <td align="center" width="135"><form method="post" action="srch_advert.php"><input type=text name='search' size=15 maxlength=255><br><input type=submit></form></td> <td align="center" width="135"><form method="post" action="srch_details.php"><input type=text name='search' size=15 maxlength=255><br><input type=submit></form></td> <td align="center" width="135"><form method="post" action="srch_artist.php"><input type=text name='search' size=15 maxlength=255><br><input type=submit></form></td> <td align="center" width="135"><form method="post" action="srch_track.php"><input type=text name='search' size=15 maxlength=255><br><input type=submit></form></td> and heres the code on srch_advert.php if ($search) // perform search only if a string was entered. { mysql_connect($host, $user, $pass) or die ("Problem connecting to Database"); $srch="%".$search."%"; $query = "select * from tvads WHERE advert LIKE '$srch' ORDER BY advert, year DESC, details ASC LIMIT 0,30"; $result = mysql_db_query("cookuk_pn", $query); if(mysql_num_rows($result)==0) { print "<h2>Your search returned 0 Results</h2>"; } else if ($result) { Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted March 8, 2011 Share Posted March 8, 2011 Always use the function mysql_real_escape_string() on any user input in mysql queries: <?php $srch="%".mysql_real_escape_string($search)."%"; $query = "select * from tvads WHERE advert LIKE '$srch' ORDER BY advert, year DESC, details ASC LIMIT 0,30"; ?> BTW, please when entering code in this forum, please surround your code with tags. Ken Quote Link to comment Share on other sites More sharing options...
mattc_uk Posted March 8, 2011 Author Share Posted March 8, 2011 Awesome it works thanks and yes, will use the code tags in future. Im a newby here Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.