
How do I escape parentheses in a mysql query? - MySQL


  1. #1

    Re: How do I escape parentheses in a mysql query?

    On Mon, 16 Jul 2007 00:03:26 +0100, Andy Hassall <co.uk>
    wrote:
     
    >
    > Short answer: you don't need to, and your problem is probably somewhere else
    >nearby.

    Funny answer: Point at something behind them and, when they look,
    run!
     
    >
    > You should use single quotes for strings in SQL, not double quotes. Double
    >quotes are supposed to be for quoting table and column names ("identifiers").
    >MySQL can, in some cases, accept either, but you should stick with the right
    >one to avoid potential trouble, and to stay closer to standard SQL conventions.
    >
    > http://dev.mysql.com/doc/refman/4.1/en/string-syntax.html
    >
    >"If the ANSI_QUOTES SQL mode is enabled, string literals can be quoted only
    >within single quotes because a string quoted within double quotes is
    >interpreted as an identifier."

    >
    > With or without the quotes?

    >
    > If with the quotes, you've now got too many quotes (and they're the wrong sort
    >anyway).

    >
    > What happened? What error did you get? Always check the return value of
    >mysql_query(), and use mysql_error() to get more information.

    >
    > You use escaping on all the variable values you're using in the SQL.
    >
    > Personally I recommend using ADOdb, since it emulates placeholders for
    >versions of MySQL that don't support them, so you don't do the escaping
    >yourself - you would write it something like:
    >
    >SELECT *
    >FROM tblCustomers
    >WHERE InactiveFlag = ?
    >AND (
    > FirstName LIKE concat('%', ?, '%')
    >OR BusinessOrLastName LIKE concat('%', ?, '%')
    >OR Id LIKE concat('%', ?, '%')
    >)
    >ORDER BY BusinessOrLastname
    >
    > ... and then pass it three values in the Execute function, separately to the
    >SQL statement - these then go into the places marked with a "?" - but the key
    >point is that it does this in the way that's appropriate for the databases
    >you're connected to.
    >
    > In older versions of MySQL that means escaping the values and embedding them
    >in the SQL. The "mysqli" interface for MySQL 4.1+ directly supports binding
    >values separately, and ADOdb can also use that if it's available.
    >
    > http://adodb.sourceforge.net/
    >
    > http://uk.php.net/mysqli
    >
    > The main problem with doing all the escaping yourself is that if you get it
    >wrong or forget it at any point, at best you risk obscure errors, but they can
    >lead to SQL injection attacks which are much more serious.
    --
    gburnore at DataBasix dot Com
    ---------------------------------------------------------------------------
    How you look depends on where you go.
    ---------------------------------------------------------------------------
    Gary L. Burnore
    Official .sig, Accept no substitutes.
    Black Helicopter Repair Services, Ltd.| Official Proof of Purchase
    ===========================================================================
    Gary Guest
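
The placeholder approach described in the quoted reply above, as an added example that is not part of the original thread: the same search written with bound values next to a string-concatenated version. It assumes SQLite through Python's `sqlite3` as a stand-in for MySQL/ADOdb so it runs offline (SQLite's `||` replaces `concat()`); the sample rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory table with constructed sample rows (not from the thread)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tblCustomers (Id INTEGER PRIMARY KEY, "
               "FirstName TEXT, BusinessOrLastName TEXT, InactiveFlag INTEGER)")
    db.executemany("INSERT INTO tblCustomers VALUES (?, ?, ?, ?)", [
        (1, "Ann", "Acme (UK) Ltd", 0),
        (2, "Bob", "O'Brien (Holdings)", 0),
        (3, "Cy", "Acme (UK) Ltd", 1),
    ])
    return db

# The SQL text is constant; every variable value travels separately.
SEARCH_SQL = """
SELECT Id FROM tblCustomers
WHERE InactiveFlag = ?
AND (
    FirstName LIKE '%' || ? || '%'
 OR BusinessOrLastName LIKE '%' || ? || '%'
 OR Id LIKE '%' || ? || '%'
)
ORDER BY BusinessOrLastName
"""

def search_bound(db, term, inactive=0):
    """Bound parameters: one value per '?'; parentheses and quotes are just data."""
    rows = db.execute(SEARCH_SQL, (inactive, term, term, term)).fetchall()
    return [r[0] for r in rows]

def search_concat(db, term, inactive=0):
    """Hand-built SQL with no escaping, shown only to contrast the failure mode."""
    sql = (f"SELECT Id FROM tblCustomers WHERE InactiveFlag = {int(inactive)} "
           f"AND BusinessOrLastName LIKE '%{term}%' ORDER BY BusinessOrLastName")
    try:
        return [r[0] for r in db.execute(sql).fetchall()]
    except sqlite3.OperationalError as exc:
        # The quote inside the value ended the string literal early.
        return f"error: {exc}"

if __name__ == "__main__":
    db = make_db()
    for term in ("(UK)", "O'Brien (Hold"):
        print(repr(term), search_bound(db, term), search_concat(db, term))
```

Parentheses in the search term work in both versions; only the single quote changes how the concatenated statement is parsed, which is why the failure appears "somewhere else nearby" rather than at the parentheses.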

  2. #2

    Re: How do I escape parentheses in a mysql query?


    "Gary L. Burnore" <com> wrote in message
    news:f7e978$h3s$databasix.com...
    >>
    >> Short answer: you don't need to, and your problem is probably somewhere
    >> else nearby.
    >
    > Funny answer: Point at something behind them and, when they look,
    > run!

    Hey,
    if you go through all the trouble posting something, you might as well add
    something relevant to the OP's question.
    Or is that line and your sig something valuable to the world?

    Richard.

    SNIPPED rest of quoted message ..


    Richard Guest

  3. Moderated Post

    Re: How do I escape parentheses in a mysql query?

    Removed by Administrator
    Gary Guest
    Moderated Post

  4. #4

    Re: How do I escape parentheses in a mysql query?


    "Gary L. Burnore" <com> wrote in message
    news:f7eckh$rs8$databasix.com...
    >>
    >>Hey,
    >>if you go through all the trouble posting something, you might as well add
    >>something relevant to the OP's question.
    >
    > Actually, the purpose was to redirect the post to
    > comp.databases.mysql.

    Then why not mention that in the first place?

    Anyway....
    good luck.

    Richard.


    Richard Guest
