problem when cleaning a query

I have a blocking problem with an SQL query; here is my code:
$term = $this->db->escape($tag);
$request = "SELECT * from tags WHERE tag REGEXP '[[:<:]]".$term."(s|es)*$'";

When this query is executed I obtain, for example, for $tag='test':

$request = "SELECT * from tags WHERE tag REGEXP '[[:<:]]'test'(s|es)*$'";
which is not good because I have quotes around the word test. How can I avoid this problem?

You are using the escape function that adds the quotes around the string, remove it and you won't have the quotes anymore:

$term = addslashes($term); // not a perfect solution, but this will escape single quotes for mysql
$request = "SELECT * from tags WHERE tag REGEXP '[[:<:]]".$term."(s|es)*$'";

This in fact avoids having quotes in the query, but imagine that you have a "'" char in $term; in this case I need an escape for the variable $term.
So this corrects the added quotes problem, but the string is not escaped.
Do you have an idea of another function to use?

$request = 'SELECT * from tags WHERE tag REGEXP '. $this->db->escape('[[:<:]]'.$term.'(s|es)*$');

$sql = "SELECT * FROM tags WHERE tag REGEXP ?";
$this->db->query($sql, array('[[:<:]]'.$term.'(s|es)*$'));

I have not tested, but it should work.
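
Added example (not part of the original thread): the bound-parameter query above handles SQL quoting, but the tag also ends up inside a regular expression, so its regex metacharacters need their own escaping before the pattern is built. build_tag_pattern() and find_tags() are hypothetical helper names, $db is assumed to be CodeIgniter's database object, and the sample tags are constructed.

```php
<?php
// Escape the characters that are special in a MySQL REGEXP pattern so a
// user-supplied tag such as "c++" or ".*" is matched literally instead of
// being interpreted as regex syntax.
function escape_regexp_literal(string $value): string
{
    // Prefix each of \ ^ $ . | ? * + ( ) [ ] { } with a backslash.
    return preg_replace('/[\\\\^$.|?*+()\[\]{}]/', '\\\\$0', $value);
}

// Build the pattern used in the thread: word start, the literal tag,
// optional plural suffix, end of string.
// Note: [[:<:]] belongs to MySQL's older regex library; MySQL 8.0.4+ (ICU)
// uses \b for a word boundary instead.
function build_tag_pattern(string $tag): string
{
    return '[[:<:]]' . escape_regexp_literal($tag) . '(s|es)*$';
}

// Hypothetical wrapper around the query-binding call shown in the thread.
// The whole pattern is passed as one bound value, so the driver adds the
// quotes and escapes "'" and "\" for SQL; no manual quoting is needed.
function find_tags($db, string $tag)
{
    $sql = "SELECT * FROM tags WHERE tag REGEXP ?";
    return $db->query($sql, array(build_tag_pattern($tag)));
}

// Constructed sample input: show the pattern each tag produces.
if (PHP_SAPI === 'cli') {
    foreach (array('test', "o'neil", 'c++', 'a|b', '.*') as $tag) {
        printf("%-8s => %s\n", $tag, build_tag_pattern($tag));
    }
}
```

The two escaping layers are independent: the regex escaping keeps the tag literal inside the pattern, and the binding keeps the finished pattern a single string literal inside the SQL statement.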
