
Matching names in database

I have a table in which I want to match fname and lname

My query is

$result = $mysqli->query('SELECT * FROM user_friend_detail WHERE userId = "'.$_SESSION["userId"].'" AND FriendFirstName = "'.mysql_real_escape_string($firstName).'" AND FriendLastName = "'.mysql_real_escape_string($lastName).'"   AND   FriendStatusCode="verified" AND friendId!='.$fid.' ')  or die($mysqli->error);

The problem is that if I write the name Joh'nny, the names with ' are not matched. How can I solve this?

Since you're already using mysqli you might as well use prepared statements, so that you don't have to worry about doing proper escaping:

$stmt = $mysqli->prepare('SELECT * 
    FROM user_friend_detail 
    WHERE userId = ? AND FriendFirstName = ? AND FriendLastName = ?   
      AND   FriendStatusCode="verified" AND friendId <> ?');

$stmt->bind_param('issi', $_SESSION['userId'], $firstName, $lastName, $fid);
$stmt->execute();

See also: mysqli::prepare()

Update

In addition, you may have magic quotes enabled; you should switch it off.
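
The behaviour described in the answer above, as an added example that is not part of the original answer: it uses PDO with an in-memory SQLite database in place of mysqli and a MySQL server so that it runs offline, and it models magic quotes with addslashes(). The sample rows and the countMatches() helper are assumptions made for illustration.

```php
<?php
// Added example: in-memory SQLite through PDO stands in for the MySQL server,
// so the script runs offline. Table and column names follow the question;
// the rows and the helper name are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_friend_detail (
    userId INTEGER, friendId INTEGER,
    FriendFirstName TEXT, FriendLastName TEXT, FriendStatusCode TEXT)');

// Constructed sample rows, inserted with bound parameters as well.
$insert = $db->prepare('INSERT INTO user_friend_detail VALUES (?, ?, ?, ?, ?)');
$insert->execute([1, 10, "Joh'nny", "O'Neil", 'verified']);
$insert->execute([1, 11, "Joh'nny", "O'Neil", 'pending']);

// Hypothetical helper: same WHERE clause as the answer's prepared statement.
function countMatches(PDO $db, int $userId, string $first, string $last, int $fid): int
{
    $stmt = $db->prepare("SELECT COUNT(*) FROM user_friend_detail
        WHERE userId = ? AND FriendFirstName = ? AND FriendLastName = ?
          AND FriendStatusCode = 'verified' AND friendId <> ?");
    $stmt->execute([$userId, $first, $last, $fid]);
    return (int) $stmt->fetchColumn();
}

// 1. Raw input bound as a parameter: the apostrophe is plain data,
//    no escaping function is involved.
$raw = ["Joh'nny", "O'Neil"];
echo 'raw input:          ', countMatches($db, 1, $raw[0], $raw[1], 99), "\n";

// 2. What magic quotes did to request data before the script saw it:
//    addslashes() turns Joh'nny into Joh\'nny. Bound as-is, the backslash
//    is part of the value being compared.
$quoted = array_map('addslashes', $raw);
echo 'magic-quoted input: ', countMatches($db, 1, $quoted[0], $quoted[1], 99), "\n";

// 3. Removing the added backslashes with stripslashes() (or switching
//    magic quotes off) gives the statement the original name again.
$fixed = array_map('stripslashes', $quoted);
echo 'after stripslashes: ', countMatches($db, 1, $fixed[0], $fixed[1], 99), "\n";
```

Comparing the three counts shows that bound parameters handle the apostrophe on their own, while input that was already slash-escaped upstream still has to be cleaned before it is bound.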
