Login

07-20-2010, 08:08 AM

[eluser]KingSkippus[/eluser]
Again, please use single quotes for string literals. Even if it works in MySQL, it doesn't necessarily work in other databases, it's not standard SQL, and I personally guarantee you that it will save you grief in some form or another if you change now. I don't mean to sound preachy, but I can't tell you how many times I've run across code that breaks because the user coded something non-standard at the time that later became deprecated.

That having been said, I don't know what the issue is with this particular question. I've written that exact query on my server and it works fine, with the parentheses unescaped. (Yes, with single and double quotes.) I did notice in the above code that your sample uses "table" as the table name, which isn't allowed in MySQL and will throw an error 1064 for using a reserved word as your table name. If your table name is literally table, you will need to escape it in backticks:

Code:
$sql = 'select * from `table` where field1 = \'red(b)\'';

For hopefully obvious reasons, I'd highly recommend against using a table named `table` in your database.

Other than that, are you absolutely, positively certain that your test code is exactly as it appears above, that you're not generating the query some other way? One thing that might be worthwhile to try is to make sure $sql is what you really, really think it is by inserting this test code and verifying that you're really passing parentheses and not html-escaped parentheses:

Code:
echo htmlentities($sql);

Oh, another dumb question. You are using MySQL, right? I've been assuming that, but really, without asking, I don't know for sure.