tags:

views:

788

answers:

3
+1  Q: 

How to store special characters (', ", &, etc) in mysql database, so they can be searchable?

Im having a small problem with storage of special characters like quotes, double quotes and ampersands. I put every POST request through mysql_real_escape_string(), and when I add a string like "That '70s Show" it gets stored as "That '70s Show" in the mysql DB. When I echo it out, it works fine... but when I try to run a % $string % search for "That '70s Show", it will not find the record. I have magic_quotes disabled.

How can I get around this?

A: 

are you mysql_real_escape_string()'ing your %$string% search?

xkcd150  2009-05-01 21:10:03
Yes, I am doing that.
Yegor  2009-05-01 21:13:20
+1  A: 

Quoted from Mysql reference doc

There are several ways to include quote characters within a string:

  • A “'” inside a string quoted with “'” may be written as “''”.

  • A “"” inside a string quoted with “"” may be written as “""”.

  • Precede the quote character by an escape character (“\”).

  • A “'” inside a string quoted with “"” needs no special treatment and need not be doubled or escaped. In the same way, “"” inside a string quoted with “'” needs no special treatment.

The following SELECT statements demonstrate how quoting and escaping work:

mysql> SELECT 'hello', '"hello"', '""hello""', 'hel''lo', '\'hello';
+-------+---------+-----------+--------+--------+
| hello | "hello" | ""hello"" | hel'lo | 'hello |
+-------+---------+-----------+--------+--------+

Refer : http://dev.mysql.com/doc/refman/5.0/en/string-syntax.html

Webrsk  2009-05-01 21:11:56
+2  A: 

It looks like the problem is that you're not just running the incoming data that you store in the database through mysql_real_escape_string(), but also htmlentities() or a relative. Is that the case? If so, quit. :)

chaos  2009-05-01 21:12:59
+1: Something more is definiteiy going on, as mysql_real_escape_string will change ' to '' or \' (I haven't checked which).
R. Bemrose  2009-05-01 21:18:07
Another possibility is an encoding mismatch, but I'm holding out hope for the easy option.
chaos  2009-05-01 21:19:06
Im not. Its just mysql_real_escape_string and thats it.
Yegor  2009-05-01 21:21:18
Yegor  2009-05-01 21:25:02
Yeah, htmlentities_decode().
chaos  2009-05-01 21:26:58
Sorry, that should have been html_entity_decode(). Because God knows we can't have orthogonal function naming in PHP.
chaos  2009-05-01 21:28:26
Yeah, html_entity_decode().
chaos  2009-05-01 21:29:06

related questions

Remove Quotes and Commas from a String in MySQL
What's the best way of converting a mysql database to a sqlite one?
How do you manage databases in development, test, and production?
Multiple foreign keys?
Add 1 to a field (MySQL)
Issues using MS Access as a front-end to a MySQL database back-end?
Bigger than a char but smaller than a blob
How do I retrieve my MySQL username and password?
Long-time LAMP Developer moving to VB.NET
How do I Concatenate entire result sets in MySQL?
Full complete MySQL database replication? Ideas? What do people do?
SQL: Distribution of table in time
SQLite vs MySQL
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Multiple Updates in MySQL
MySQL/Apache Error in PHP MySQL query
What all do I need to escape when sending a (My)SQL query?
Auto Generate Database Diagram MySQL
Mechanisms for tracking DB schema changes
How big can a MySQL database get before performance starts to degrade.
Python and MySQL
SQL Server 2005 implementation of MySQL REPLACE INTO?
How to export data from SQL Server 2005 to MySQL
Throw Error In MySQL Trigger
Binary Data in MySQL