How to stop get errors by typing ' mark

Question

I have a dictionary page. when I search something the link showing as index.php?word=(search word here) but when I add ' mark to this link like index.php?word=**name'**

then showing this error Warning:

mysql_fetch_array(): supplied argument is not a valid MySQL result resource in...

how to stop this. and bypass ' mark

Have a look at http://stackoverflow.com/questions/60174/how-to-prevent-sql-injection-in-php — Michael, Jan 01 '13 at 09:48

score 3 · Accepted Answer · answered Jan 01 '13 at 09:49

In your case, you would want to use mysql_real_escape_string($_GET['name']).

http://php.net/manual/en/function.mysql-real-escape-string.php

However, I wouldn't recommend using mysql_* functions. I would use prepared statements with PDO or mysqli. You can find more info here (PDO) or here (mysqli).

score 0 · Answer 2 · answered Jan 01 '13 at 09:49

0

quick fix would be to use mysql_real_escape_string against your query.

However, since mysql_* is deprecated, your best bet for future proof would be to use PDO or mysqli_*

answered Jan 01 '13 at 09:49

ariefbayu

21,849
12
71
92

1

mysql_eral_escape_string change it to mysql_real_escape_string – Muhammad Talha Akbar Jan 01 '13 at 09:50

How to stop get errors by typing ' mark

2 Answers2