CodeIgniter Forums
problem when cleaning a query - Printable Version




problem when cleaning a query - El Forum - 11-09-2009

[eluser]ahmedi[/eluser]
I have a blocking problem with an SQL query. Here is my code:
$term = $this->db->escape($tag);
$request = "SELECT * from tags WHERE tag REGEXP '[[:<:]]".$term."(s|es)*$'";

When this query is executed I obtain, for example, for $tag='test':

$request = "SELECT * from tags WHERE tag REGEXP '[[:<:]]'test'(s|es)*$'";
which is not good because I have quotes around the word test. How can I avoid this problem?
Thanks


problem when cleaning a query - El Forum - 11-09-2009

[eluser]mah0001[/eluser]
You are using the escape function, which adds the quotes around the string; remove it and you won't have the quotes anymore:

Code:
$term = addslashes($term); // not a perfect solution, but this will escape single quotes for mysql
$request = "SELECT * from tags WHERE tag REGEXP '[[:<:]]".$term."(s|es)*$'";



problem when cleaning a query - El Forum - 11-10-2009

[eluser]ahmedi[/eluser]
This in fact avoids having quotes in the query, but imagine that you have a "'" char in $term; in this case I need an escape for the variable $term.
So this corrects the added quotes problem, but the string is not escaped.
Do you have an idea of other functions to use?
Thanks


problem when cleaning a query - El Forum - 11-10-2009

[eluser]mah0001[/eluser]
Code:
$request = 'SELECT * from tags WHERE tag REGEXP '. $this->db->escape('[[:<:]]'.$term.'(s|es)*$');

//or
$sql = "SELECT * FROM tags WHERE tag REGEXP ?";
$this->db->query($sql, array('[[:<:]]'.$term.'(s|es)*$'));

I have not tested, but it should work.
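
The answers above deal with SQL quoting of the pattern; characters in $term that are special to REGEXP (such as . * + or parentheses) would still act as regex operators. An added example, not code from the thread, that escapes them before the pattern is bound. The helper names are hypothetical, the sample tags are constructed, and the local matcher only approximates MySQL's REGEXP with PCRE so the script runs without a database:

```php
<?php
// Added example, not code from the thread. regexp_literal(),
// build_tag_pattern() and matches_like_regexp() are hypothetical names.

// Backslash-escape every character that is special in the regex syntax
// used by REGEXP, so the user's term is matched literally.
function regexp_literal($term)
{
    return preg_replace('/[.\\\\+*?\\[\\]^$(){}|]/', '\\\\$0', $term);
}

// Same pattern shape as in the thread: word start, term, optional plural.
function build_tag_pattern($term)
{
    return '[[:<:]]' . regexp_literal($term) . '(s|es)*$';
}

// Offline stand-in for MySQL's matcher so the effect is visible without
// a database: [[:<:]] is approximated by PCRE's \b (assumption).
function matches_like_regexp($pattern, $tag)
{
    $pcre = '~' . str_replace(array('[[:<:]]', '~'), array('\\b', '\\~'), $pattern) . '~';
    return preg_match($pcre, $tag) === 1;
}

// Constructed sample data.
$tags  = array('test', 'tests', 'c++', 'secret');
$terms = array('test', 'c++', '.*');

foreach ($terms as $term) {
    $raw  = '[[:<:]]' . $term . '(s|es)*$';   // pattern built as in the thread
    $safe = build_tag_pattern($term);
    foreach (array('raw' => $raw, 'escaped' => $safe) as $label => $pattern) {
        $hits = array();
        foreach ($tags as $tag) {
            if (matches_like_regexp($pattern, $tag)) {
                $hits[] = $tag;
            }
        }
        printf("%-4s %-8s %-28s => %s\n", $term, $label, $pattern, implode(', ', $hits));
    }
}

// In the model, the escaped pattern then goes through the query binding
// shown in the thread:
//   $this->db->query("SELECT * FROM tags WHERE tag REGEXP ?", array(build_tag_pattern($tag)));
```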