php single quote search

I want to search for mc'd in my database, but I use mysql_real_escape_string.

But nothing is found because it will output mc\\'d

Any ideas?


mysql_real_escape_string should return single quotes escaped with only one backslash, so my wild guess is that you have magic_quotes_gpc turned on in your php.ini. Turn that off, and it'll be ok.


Consider using PHP Data Objects instead of mysql_query(). Then you don't need mysql_real_escape_string(), because PDO takes care of correct parameter passing internally. (It'll use bind parameters if the database supports them, otherwise it'll do the escaping for you.)

This is safer, from an SQL injection standpoint, than constructing raw query strings by hand and having to remember to escape everything. The parameter values are given separately from the SQL so there's no possibility of malicious input changing the structure of the query.
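The PDO approach described in the answer above, shown as an added example that is not part of the original answer. The `places` table, its `name` column, the `searchPlaces()` helper and the sample rows are hypothetical, and an in-memory SQLite database (the `pdo_sqlite` extension) is assumed so the script runs offline; with MySQL only the DSN changes.

```php
<?php
// Added example: table, column and helper names are hypothetical, rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$pdo->exec('CREATE TABLE places (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

// Inserts use placeholders too, so the apostrophe is stored exactly as typed.
// The third row imitates data that was escaped before being stored.
$insert = $pdo->prepare('INSERT INTO places (name) VALUES (:name)');
foreach (["mc'd", "mcd", "mc\\'d leftovers", "100% mc'd"] as $name) {
    $insert->execute([':name' => $name]);
}

/**
 * Substring search on places.name using a bound parameter.
 * Returns the matching names in insertion order.
 */
function searchPlaces(PDO $pdo, string $term): array
{
    // Quote characters need no handling with bound parameters. Only LIKE's
    // own wildcards (% and _) and the chosen escape character (!) do,
    // otherwise a user-typed % would match everything.
    $escaped = strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']);

    $stmt = $pdo->prepare(
        "SELECT name FROM places WHERE name LIKE :pattern ESCAPE '!' ORDER BY id"
    );
    $stmt->execute([':pattern' => '%' . $escaped . '%']);

    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// The raw search term goes in untouched: no addslashes(), no manual escaping.
foreach (["mc'd", "mc\\'d", "100% mc'd"] as $term) {
    echo $term, ' => ', json_encode(searchPlaces($pdo, $term)), PHP_EOL;
}
```

Because the value never becomes part of the SQL text, the magic_quotes_gpc setting on the server no longer decides whether the query itself is well-formed; a doubled backslash would only show up as a term that matches nothing.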


Use addslashes while inserting in the database and use stripslashes while fetching from the database.

And in your case it's adding two slashes to ', so I think it is because your magic quotes setting is on.

So it will be better if you turn off magic quotes and then do the search.

So after turning off magic quotes it will give md'c --> md\'c.

Hope this will be helpful for you.
