Need help in showing data from database

Question

I have a table[info] like this

+---+-------+---------------+
|id | cost  | place         |
+---+-------+---------------+
|1  | 2000  | Dhaka         | 
|2  | 1000  | Cox's Bazar   |
+---+-------+---------------+

Now I'm using this query to show these data

$a_place = $_POST['place'];
query = "SELECT * FROM info WHERE place = '$a_place'";

It works fine when I am searching for Dhaka, but it is not working for Cox's Bazar. Maybe for this > '

Now what can I do? Please help!

Use prepared statements, which will handle the escaping of quotes automatically. — Tim Biegeleisen, Mar 13 '17 at 08:23

CompEng · Answer 1 · 2017-03-13T10:48:14.773

1

try this

$a_place = str_replace($_POST['place'],"'","''");

query = "SELECT * from info WHERE place = '".$a_place."'";

Edit

creating table and insert data

as you see the data ise like yours.

and If I select like mine the output is true

edited Mar 13 '17 at 10:48

answered Mar 13 '17 at 08:26

CompEng

7,161
16
68
122

It's not working. When I'm using this it showing me no results :/ – SamiulHSohan Mar 13 '17 at 08:56
can you try this: query = "SELECT * from info WHERE place = 'Cox''s Bazar'"; this should work – CompEng Mar 13 '17 at 08:58
Yes it works @ErsinGülbahar. But user will not search for Cox''s Bazar, na? They will search for Cox's Bazar. :/ – SamiulHSohan Mar 13 '17 at 09:20

score 0 · Answer 2 · edited May 23 '17 at 12:17

Maybe this will help for a start:

// prepare and bind
$a_place = $_POST['place'];
$stmt = $conn->prepare("SELECT country FROM info WHERE place = '?'");
$stmt->bind_param("s", $a_place);
$stmt->execute();
$stmt->store_result();
if($stmt->num_rows){
  $stmt->bind_result($country);
  $stmt->fetch();
  $stmt->free_result();
  echo $country;
};
?>

and see this post: Getting results of statement

(remeber that select * is bad practice)

Need help in showing data from database

2 Answers2

try this

Edit