returning results with an '

dkin

10:46 pm on Jul 27, 2005 (gmt 0)

10+ Year Member



I am using this script

$mresult = mysql_query("SELECT DISTINCT game FROM vids order by id desc limit 50", $link) or die ("query 1: " . mysql_error());

while ($mrow = mysql_fetch_array($mresult))
{
    // $mrow[game] is pasted straight into the SQL text, so a ' inside it
    // ends the string literal early and the COUNT query fails
    $count = mysql_result(mysql_query("SELECT COUNT(*) FROM vids where game = '$mrow[game]'"), 0);
}

but for any $mrow[game] that has an ' in it, a 0 is returned. How do I fix this?

ergophobe

11:00 pm on Jul 27, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I'm not sure how you got the data into the DB, but the quote marks need to be escaped in the data and then the slashes need to be stripped when you pull the data out of the DB.

A raw ' in the data is going to create problems.

StupidScript

11:10 pm on Jul 27, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



ergophobe is entirely correct ... however, you can get out of the hole you dug ... ;)

while ($mrow = mysql_fetch_array($mresult))
{
    // the outer query selects the game column, so that is the value to escape
    $thisTitle = addslashes($mrow["game"]);

    $count = mysql_result(mysql_query("SELECT COUNT(*) FROM vids where game = '$thisTitle'"), 0);
}

Note the use of quotes instead of apostrophes in the addslashes() function. This escapes the title's apostrophes (like O\'Reilly) (but use with caution for other things ... see the manual page [us3.php.net]) and uses that escaped string as the $thisTitle variable's value. Then, when using that data in your SELECT statement, the escaped apostrophes do not interfere with the apostrophes you are using in your SELECT statement, and the value is passed as-is (no escaping) for comparison with the values in the database.

In the future you may want to consider using addslashes() or another special-character-modifying function before you dump the data into the db.
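
The question's loop with the interpolated value beside the escaped and parameterized versions, as an added example (not code from any poster) that uses Python's sqlite3 in place of the thread's PHP and MySQL; the table rows are constructed:

```python
import sqlite3

# Constructed sample rows standing in for the thread's `vids` table.
SAMPLE_GAMES = ["Tony Hawk's Underground", "Tony Hawk's Underground", "Halo 2"]


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE vids (id INTEGER PRIMARY KEY, game TEXT)")
    conn.executemany("INSERT INTO vids (game) VALUES (?)", [(g,) for g in SAMPLE_GAMES])
    return conn


def count_interpolated(conn, game):
    """The question's pattern: the value is pasted into the SQL text.
    An apostrophe in `game` ends the string literal early, the statement is
    malformed, and the error is swallowed, which is how the asker ends up with 0."""
    sql = f"SELECT COUNT(*) FROM vids WHERE game = '{game}'"
    try:
        return conn.execute(sql).fetchone()[0]
    except sqlite3.OperationalError:
        return 0


def count_escaped(conn, game):
    """The thread's workaround: escape the quote before interpolating.
    SQL's own escape is a doubled quote; PHP's addslashes() emits \\' instead,
    which MySQL accepts but SQLite does not, so the standard form is used here."""
    sql = "SELECT COUNT(*) FROM vids WHERE game = '{}'".format(game.replace("'", "''"))
    return conn.execute(sql).fetchone()[0]


def count_parameterized(conn, game):
    """The fix that needs no escaping: bind the value as a query parameter,
    so the driver never lets it touch the SQL text."""
    row = conn.execute("SELECT COUNT(*) FROM vids WHERE game = ?", (game,)).fetchone()
    return row[0]


def distinct_counts(conn, counter):
    """The question's outer loop: one COUNT(*) per distinct game."""
    games = [row[0] for row in conn.execute("SELECT DISTINCT game FROM vids")]
    return {g: counter(conn, g) for g in games}
```

Running `distinct_counts` with `count_interpolated` reproduces the asker's 0 for the game containing an apostrophe, while the escaped and parameterized versions both return the true count of 2.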

jatar_k

11:15 pm on Jul 27, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



>> I'm not sure how you got the data into the DB

hopefully this way
[webmasterworld.com...]

;)

ergophobe

11:54 pm on Jul 27, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



heh heh... but then the single quotes would be escaped with a slash.

<snip>

jatar_k

1:59 am on Jul 28, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



true but thought I would bring it up ;)

be careful with those snippers, I don't want you bleeding all over the forum

ergophobe

3:53 pm on Jul 28, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Hey man. I know the risks I take. My left ear used to be bigger back when I still had professionals cut my hair.

I'm just trying to remember when I've ended up with unescaped quotes in my DB. Double escaped quotes through the magic of magic_quotes_gpc, yes, which ends up being unescaped in the long run as the slash gets escaped.