Hi,
I'm trying (and failing) to find a safe method that returns records from a database if they have quotes in them, for example, if I generate a query like this:
SELECT * FROM foo WHERE bar LIKE 'here's pezholio's record with quotes'
Obviously it will be unsafe as I haven't escaped the quotes. I've tried storing the records with slashes already in them and then searching, i.e.:
SELECT * FROM foo WHERE bar LIKE 'here/'s pezholio/'s record with quotes'
Which should return a result. I've also tried HTML entities, i.e. 'here's pezholio's record with quotes'
But neither method works! Any ideas?
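An added example, not part of the original post: the usual way to make this query safe is to pass the search text as a bound parameter instead of building it into the SQL string, so quotes are stored and matched as plain data. It assumes Python's sqlite3 with an in-memory database (the post names neither the language nor the database engine); the table foo and column bar come from the post, while the helper names and sample rows are constructed here, and the LIKE-wildcard escaping goes beyond the quote case the post asks about.

```python
import sqlite3

# Constructed sample rows: stored exactly as typed, with no added slashes or entities.
SAMPLE_ROWS = [
    "here's pezholio's record with quotes",
    'say "hi" \\ bye',
    "100% match_test",
    "100 percent matchXtest",
]


def make_db(rows):
    """Create an in-memory table foo(bar) and insert rows with bound parameters."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE foo (bar TEXT)")
    conn.executemany("INSERT INTO foo (bar) VALUES (?)", [(r,) for r in rows])
    return conn


def like_literal(text, escape="\\"):
    """Escape the LIKE wildcards (% and _) so the text only matches itself."""
    for ch in (escape, "%", "_"):  # the escape character must be doubled first
        text = text.replace(ch, escape + ch)
    return text


def search_exact(conn, term):
    """Match the whole column value; the term never becomes part of the SQL text."""
    sql = "SELECT bar FROM foo WHERE bar LIKE ? ESCAPE '\\'"
    return [row[0] for row in conn.execute(sql, (like_literal(term),))]


def search_contains(conn, term):
    """Substring search: only the wildcards added here act as wildcards."""
    sql = "SELECT bar FROM foo WHERE bar LIKE ? ESCAPE '\\'"
    pattern = "%" + like_literal(term) + "%"
    return [row[0] for row in conn.execute(sql, (pattern,))]


if __name__ == "__main__":
    db = make_db(SAMPLE_ROWS)
    print(search_exact(db, "here's pezholio's record with quotes"))
    print(search_contains(db, "match_test"))
```

Most database drivers offer the same placeholder mechanism, though the placeholder syntax differs between them.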