使用Apostrophe搜索查询,其中记录未被转义

This is in mysql:

Column: Title
        ___________
        Children's 

Code:

$result = mysql_query("SELECT * FROM bookings_css_multi_lang WHERE model='pjCourse' AND field = 'title' AND content LIKE '%".$searchTerm."%' LIMIT $start_from, $results_per_page");
while ($myrow = mysql_fetch_row($result))
{

If you really must use the obsolete mysql extension, you have to escape the inputs to prevent syntax errors like this. Use:

$searchTerm = mysql_real_escape_string($searchTerm);

before the query.

But you really should convert to mysqli or PDO`, which allow you to write parameterized queries. In PDO you would write this as:

$stmt = $pdo->prepare("
    SELECT * 
    FROM bookings_css_multi_lang 
    WHERE model='pjCourse' AND field = 'title' 
        AND content LIKE CONCAT('%', :search_term, '%')
    LIMIT :start_from, :results_per_page");
$stmt->bindParam(':search_term', $searchTerm);
$stmt->bindParam(':start_from', $start_from);
$stmt->bindParam(':results_per_page', $results_per_page);
$stmt->execute();
while($myrow = $stmt->fetch(PDO::FETCH_ASSOC)) {
    ...
}