I have a MySQL table that has a column called title which is a string.
When the string has a single quote, however (e.g. “John’s group”), the SQL fails.
I’m using the following PHP code to look up the table:
$pageID = mysql_fetch_array(mysql_query("SELECT pageID FROM `mytable` WHERE title='" . $title . "'"));
where $title contains my lookup string.
Can anybody give me advice on what to do here?
EDIT: I’ve discovered that two single quotes will work in the SQL – however – is there a way to do this in PHP?
You should escape your title before using it in the query.
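An added example, not part of the original thread: the lookup from the question written with a bound parameter, next to the concatenated form that fails on “John’s group”. The `mysql_*` functions in the question were removed in PHP 7, so this uses PDO. Assumptions: an in-memory SQLite database stands in for MySQL so the script runs offline, the sample rows are constructed, and the function names are hypothetical.

```php
<?php
// Added example. SQLite in memory stands in for MySQL; with MySQL only the
// DSN given to PDO changes (a 'mysql:host=...;dbname=...' string).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data using the table and column names from the question.
// Inside a literal typed by hand, the quote is doubled (as the EDIT found).
$pdo->exec('CREATE TABLE mytable (pageID INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO mytable (pageID, title) VALUES (1, 'John''s group'), (2, 'Admins')");

// Hypothetical helper: the title travels as a bound value, separate from the
// SQL text, so a quote in it cannot end the literal or alter the statement.
function findPageId(PDO $pdo, string $title): ?int
{
    $stmt = $pdo->prepare('SELECT pageID FROM mytable WHERE title = :title');
    $stmt->execute([':title' => $title]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

// Hypothetical helper reproducing the question's pattern: the title is
// concatenated into the SQL string, so a quote in it breaks the syntax.
function findPageIdConcatenated(PDO $pdo, string $title): ?int
{
    try {
        $stmt = $pdo->query("SELECT pageID FROM mytable WHERE title='" . $title . "'");
        $id = $stmt->fetchColumn();
        return $id === false ? null : (int) $id;
    } catch (PDOException $e) {
        echo '  concatenated query failed: ', $e->getMessage(), "\n";
        return null;
    }
}

// Constructed lookups: one with a quote, one without, one with no match.
foreach (["John's group", 'Admins', "Mary's group"] as $title) {
    echo "title: $title\n";
    echo '  bound parameter -> ', var_export(findPageId($pdo, $title), true), "\n";
    echo '  concatenated    -> ', var_export(findPageIdConcatenated($pdo, $title), true), "\n";
}
```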