Hi i have a list of restaurants name in my db where some of the name comes with character like &, @, and ' (quote), the way the name are displayed in browser when viewing then are http://localhost/my-restaurant-new-york as i use this function to replace empty spaces with dash -
$businessDetail = strtr($businessDetail, '-', ' ');
based on business name an business id will be found and retrieve all the related infos. If in my db i have a name like My Restaurant New & york i cause an error in sql as follow
Message: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 3.
The question now is how can i save the name in the beginning and how to retrieve it back without having an issue with special characters. Thanks
UPDATE: i am using zend framework so this is how i save name into db and retrieve back
$testMapper = new Application_Model_Mapper_TestMapper();
$testModel = new Application_Model_Test();
$bzname = str_replace("'", '', $this->_getParam('name'));
$testModel->setId($id)
->setName($bzname);
$business_id = $testMapper->save($testModel);
All link to the business name are translated by this function
$this->view->bzurl = preg_replace("![^a-z0-9]+!i","-", $result['business_name']);
Update2:
public function getBusinessId($business_detail)
{
$select = $this->getDbTable()->getAdapter()->select();
$select->from('business',array('business_id'))
->where("business_name='".$business_detail."'");
$result = $this->getDbTable()->getAdapter()->fetchRow($select);
return $result['business_id'];
}
->where("business_name='".$business_detail."'")
should be:
->where("business_name = ?", $business_detail)
to ensure that the data is correctly escaped. If that's the query generating the error, that should fix your issue. I'd recommend you read up a little on SQL injection and how to avoid it.