I am using MYSQL 5.5. May I know how to avoid ' in the SQL query? Below is my example query:
<?php
$mySelect1 = "'Ahli Majlis'";
$bracket_mySelect1 = "($mySelect1)";
SQL = "SELECT * FROM user where 1 and nama_gelaran in ".$bracket_mySelect1."";
?>
The wrong result I have checked in the console log data is SELECT * FROM user where 1 and nama_gelaran in ('Ahli Majlis')
Actually I want the result is SELECT * FROM user where 1 and nama_gelaran in ('Ahli Majlis')
What I tried, but it doesn't work:
SQL = SELECT * FROM user where 1 and nama_gelaran in ".html_entity_decode(htmlentities($bracket_mySelect1,ENT_QUOTES),ENT_QUOTES); .";
Rattler :
I am unsure how you are executing the queries but it is best practice to use PDO rather then the mysql_ functions. This also improves security and protects against mysql injection.\nBelow is a sample of how to connect and run a PDO query. I have changed your IN to be = as it looks like you are only passing one value.\n$dsn = "mysql:host=localhost;dbname=mydb";\n$user = "dbUsername";\n$passwd = "dbPassword";\n\n$name = 'Ahli Majlis';\n\n$pdo = new PDO($dsn, $user, $passwd);\n$stm = $pdo->query("SELECT * FROM `user` WHERE nama_gelaran = :name");\n$stm->bindParam('name', $name);\n\n$user = $stm->fetch();\n\nprint_r($user);\n",
2020-10-30T12:22:57