Selecting from a database

Post by Kenneth » Sat Feb 22, 2003 1:20 pm

Hi, I have a quick and easy question. I have a username and password script that has a problem when you select from it. If someone has a ' in it, for example O'brien, there's an SQL error. Here's a test page to show you:

http://www.coopercentral.org/includes/auth2.php

For the username, put: O'brien
There will be an error. How can I fix that? The PHP code I used is below:

<?php

include("mysql_connect.php");

if(!isset($submit)) {

echo "<form method=POST action=$PHP_SELF>
Username: <input type=text name=username><br>
<input type=submit name=submit value=submit>";

} else if(isset($submit) && !empty($username)) {

// $username goes into the query unescaped, so a ' in it ends the string literal early
$sql = "SELECT * FROM auth WHERE username = '$username'";
$result = @mysql_query($sql) or die(mysql_error());

if(mysql_num_rows($result) == "1") {

echo "<b>Successfully logged in!! - $username</b>";

}

}

?>


I thank you very much, I really appreciate it!!

Ken Cooper

Re: Selecting from a database

Post by WiZARD » Sun Feb 23, 2003 5:12 am

All I can say to you: magic quotes, only magic quotes.

Post by Redcircle » Sun Feb 23, 2003 11:59 am

Put the variable that you are posting in addslashes().

This will add the appropriate slashes. Also use mysql_escape_string() to make sure it is MySQL safe.

Syntax for that would be:

$variable = mysql_escape_string(addslashes($variable));
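
The lookup from the question written as a parameterized query (an added example, not code from any poster in this thread): magic quotes and the mysql_* functions were later removed from PHP, and a bound placeholder handles a name like O'brien without any manual escaping. It assumes PDO with an in-memory SQLite database standing in for the MySQL server, and the rows and inputs are constructed sample data.

```php
<?php
// Added example, not code from the thread.
// Assumptions: PDO with the pdo_sqlite driver; an in-memory SQLite database
// stands in for the MySQL server; the auth table and username column are the
// ones named in the question; rows and inputs are constructed sample data.

function find_user(PDO $db, string $username): ?string
{
    // The ? placeholder is bound separately from the SQL text, so quotes or
    // backslashes in the value cannot end the string literal or change the query.
    $stmt = $db->prepare('SELECT username FROM auth WHERE username = ?');
    $stmt->execute([$username]);
    $found = $stmt->fetchColumn();   // false when no row matches
    return $found === false ? null : $found;
}

$db = new PDO('sqlite::memory:');
// Throw exceptions on database errors instead of printing them to the visitor,
// as die(mysql_error()) in the original script does.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE auth (username TEXT PRIMARY KEY)');

// Constructed rows, stored through the same placeholder mechanism.
$insert = $db->prepare('INSERT INTO auth (username) VALUES (?)');
foreach (["O'brien", "d'Arcy\\"] as $name) {
    $insert->execute([$name]);
}

// Constructed inputs: an apostrophe, an apostrophe plus a trailing backslash
// (the case hand-written escaping tends to get wrong), and an unknown name.
$inputs = ["O'brien", "d'Arcy\\", 'nobody'];

foreach ($inputs as $input) {
    $user = find_user($db, $input);
    // Escape on output too: the script echoes the submitted name into HTML.
    $shown = htmlspecialchars($input, ENT_QUOTES, 'UTF-8');
    if ($user !== null) {
        echo "Successfully logged in - $shown\n";
    } else {
        echo "No such user - $shown\n";
    }
}
```

With the value bound this way, none of addslashes(), mysql_escape_string() or magic quotes should be applied to it first, since the extra backslashes would become part of the name being searched for.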

