problem when cleaning a query - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20) +--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23) +--- Thread: problem when cleaning a query (/showthread.php?tid=24421) |
problem when cleaning a query - El Forum - 11-09-2009 [eluser]ahmedi[/eluser] I have a blocking problem with an sql query , here is my code $term = $this->db->escape($tag); $request = "SELECT * from tags WHERE tag REGEXP '[[:<:]]".$term."(s|es)*$'"; When this query is executed i obtain form example for $tag='test' ; $request = "SELECT * from tags WHERE tag REGEXP '[[:<:]]'test'(s|es)*$'"; which is not good because i have quotes around test word, how can i avoid this probelme thanks problem when cleaning a query - El Forum - 11-09-2009 [eluser]mah0001[/eluser] You are using the escape function that adds the quotes around the string, remove it and you won't have the quotes anymore: Code: $term=addslashes($term);//not a perfect solution, but this will escape single quotes for mysql problem when cleaning a query - El Forum - 11-10-2009 [eluser]ahmedi[/eluser] this in fact avoid to have quotes in the query, but image that you have "'" char in $term, so in this case I need an escape for the variable $term. So this correct the added quotes problem but the string is not escaped , Have you an idea of an other functions to use ???? thanks problem when cleaning a query - El Forum - 11-10-2009 [eluser]mah0001[/eluser] Code: $request = 'SELECT * from tags WHERE tag REGEXP '. $this->db->escape('[[:<:]]'.$term.'(s|es)*$'); I have not tested, but it should work. |