I'm working on an application where users are searched for by multiple different criteria. One of the available criteria is searching by name. Names are stored in the database with HTML characters stripped, eg. a ' is stored as '. The problem with this is that if a user searches by name inputting the regular english name, it looks for the english name rather than the HTML-stripped name in the database. I have tried using htmlspecialchars($string, ENT_QUOTES), but for some reason it won't always replace the single quote correctly. Can anyone think of why this would happen, or recommend a better way? Thank you!
try using this html_entity_decode($string) instead of htmlspecialchars($string, ENT_QUOTES);
You don't need to replace single quotes. All you need to do is to use either PDO or MySQLi extension. Example of PDO,
$stmt = $pdo->prepare('SELECT * FROM tableName WHERE name = :name');
$stmt->execute(array(':name' => $name));
foreach ($stmt as $row)
{
// do something with $row
}
In that way, it allows you to search even if the value has single quote.
both ans are good but you can also try this...
function change_text($in, $out, $text){
$input = array($in);
$change = array($out) ;
$result = @str_replace ($input ,$change, $text);
return $result;
}
$change_text = change_text("'", '',$text);
hope it will help
on your query, replace your ' (quote) to ''. first quote will sign that caracter after this quote will be use as is.
bellow sample code:
mysql> select * from activities where activity='aku''kamu';
+----+----------+---------+
| id | activity | user_id |
+----+----------+---------+
| 1 | aku'kamu | 3 |
+----+----------+---------+
1 row in set (0.00 sec)
mysql> update activities set activity='aku''kamu' where id=2
Query OK, 1 row affected (0.06 sec)
Rows matched: 1 Changed: 1 Warnings: 0
mysql> select * from activities where activity='aku''kamu';
+----+----------+---------+
| id | activity | user_id |
+----+----------+---------+
| 1 | aku'kamu | 3 |
| 2 | aku'kamu | 3 |
+----+----------+---------+
2 rows in set (0.00 sec)
mysql>