Forum Moderators: coopster
$category = htmlspecialchars($HTTP_GET_VARS['category']);The value of $HTTP_GET_VARS['category']is "Cat > 1".
$category is set to "Cat $gt; 1"
I'm storing it on a mySQL database table as an index column then attempting to retrieve it again using the following code and query.....
$category = htmlspecialchars($HTTP_GET_VARS['category']);"SELECT * FROM categories WHERE cat_category = '$category'";Using phpMySQLadmin I can see that the row has been correctly created with an index value of "Cat $gt; 1".
However, when I run the select I get a row not found error with the following error message.....
DEBUG MODESELECT * FROM categories WHERE cat_category = 'Cat $gt; 1'What am I doing wrong?
Thanks, as ever, Pete
For '$gt;' read '>'
Pete
given in your statemenst $category as = "Cat $gt; 1" and run with htmlspecialchars(); that will be translated as "Cat &gt' 1".
this would not be equal as on your database table have("Cat $gt; 1").
try use mysql_escape_string()/ mysql_real_escape_string() as for you input.
htmlspecialchars() for outputing.
Anyone else?
Thanks, Pete
$category = preg_replace('>','$gt;',$HTTP_GET_VARS['category']);
"SELECT * FROM categories WHERE cat_category = '$category'";
Now, $category should be in the same form as the table...
it also seems strange to be storing 'Cat > 1'
what does your select look like?
Pete
doesn't change quotes does it?
I have another question
Why would someone be entering
'Cat > 1'
