SELECT query with apostrophe

Question

In my database, I have a column named storeName with a value called Joe's Kitchen.

When user enters Joe's Kitchen, I would store it in a variable named storeName and do a select query on it like this: "SELECT * FROM shops WHERE storename='".$storeName."'". Problem now is that the value contains apostrophe, how should I go about this ?

I have tried the method below but it is not working

$storeName = mysqli_real_escape_string($db->getConnection(),$_POST["storeName"]);

use prepared statement to insert – user1844933 Jun 28 '15 at 05:35 — user1844933, Jun 28 '15 at 05:35

score 0 · Answer 1 · answered Jun 28 '15 at 05:33

Escape the apostrophe in query by writing two apostrophes
Example


    SELECT * FROM shops WHERE storename='Joe''s Kitchen'  //added 2 apostrophes

this is not a recommended method since it has serious security issues, try to use pdo or parameterized queries

score 0 · Answer 2 · answered Jun 28 '15 at 05:34

0

In your SQL query, you can replace the single quote ' by `. Then the name can contain single quotes...

answered Jun 28 '15 at 05:34

Nowhere man

5,007
3
28
44

score 0 · Answer 3 · answered Jun 28 '15 at 05:43

0

You can do this way also

SELECT * FROM shops WHERE    
storename="Joe\'s Kitchen"

answered Jun 28 '15 at 05:43

A l w a y s S u n n y

36,497
8
60
103

You should rather answer in the duplicate. – qwerty_so Jun 28 '15 at 11:59

SELECT query with apostrophe

3 Answers3