Re: [PHP] Struggling with MySQL query

2011-08-09 Thread Alex Nikitin
Sorry but escaping doesnt protect against mysql injection either, it is not a good answer, nor does it really work, its an effort, yes, buuut in unicode world we pretty much have the ability to override what it means to be a character through best guess matching, etc, iiit just doesnt quite work; e

Re: [PHP] Struggling with MySQL query

2011-08-09 Thread Ashley Sheridan
David Green wrote: >Thank you all for the various suggestions. > >It now works with this: > >$find = strip_tags($find); >$find = trim($find); > >$data = mysql_query("SELECT * FROM news_items WHERE headline LIKE >'%$find%'"); > >Another "newb" question: does strip_tags() help at all in preventin

Re: [PHP] Struggling with MySQL query

2011-08-09 Thread David Green
Thank you all for the various suggestions. It now works with this: $find = strip_tags($find); $find = trim($find); $data = mysql_query("SELECT * FROM news_items WHERE headline LIKE '%$find%'"); Another "newb" question: does strip_tags() help at all in preventing SQL injection attacks? Kind reg

RE: [PHP] Struggling with MySQL query

2011-08-09 Thread Dajka Tamás
ay, August 09, 2011 4:55 PM To: David Green Cc: php-general@lists.php.net Subject: Re: [PHP] Struggling with MySQL query On Tue, Aug 9, 2011 at 10:14 AM, David Green wrote: [snip] > $data = mysql_query("SELECT * FROM news_items WHERE upper('headline') LIKE > '%$find%'&

Re: [PHP] Struggling with MySQL query

2011-08-09 Thread Andrew Ballard
On Tue, Aug 9, 2011 at 10:14 AM, David Green wrote: [snip] > $data = mysql_query("SELECT * FROM news_items WHERE upper('headline') LIKE > '%$find%'"); A couple things to consider. First, as a few others have pointed out, you probably want to remove the single quotes around the word headline in y

RE: [PHP] Struggling with MySQL query

2011-08-09 Thread Alex Nikitin
$data = mysql_query($q); > ... > > And try running the echoed query in phpmyadmin, etc. > > Cheers, > > Tamas > > -Original Message- > From: David Green [mailto:simp...@gmail.com] > Sent: Tuesday, August 09, 2011 4:14 PM > To: php-general@lists.php.net >

RE: [PHP] Struggling with MySQL query

2011-08-09 Thread admin
> -Original Message- > From: David Green [mailto:simp...@gmail.com] > Sent: Tuesday, August 09, 2011 10:14 AM > To: php-general@lists.php.net > Subject: [PHP] Struggling with MySQL query > > Hi > > I have a simple from which uses the post method to get to my

RE: [PHP] Struggling with MySQL query

2011-08-09 Thread Dajka Tamas
d Green [mailto:simp...@gmail.com] Sent: Tuesday, August 09, 2011 4:14 PM To: php-general@lists.php.net Subject: [PHP] Struggling with MySQL query Hi I have a simple from which uses the post method to get to my page script results.php in results.php I have $find=$_POST["find"]; //this wo

[PHP] Struggling with MySQL query

2011-08-09 Thread David Green
Hi I have a simple from which uses the post method to get to my page script results.php in results.php I have $find=$_POST["find"]; //this works perfectly, echo $find gives me the search term as entered I then connect to mysql and select the db successfully. After that, I have the following: