Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

0 votes
643 views
in Technique[技术] by (71.8m points)

php - Ignoring apostrophes in mysql searches

I want to take a URL that does not have any apostrophes, commas or ampersands in it and match it with a record in a database that may have one of those characters.

For example:

mywebsite.com/bobs-big-boy
mywebsite.com/tom--jerry
mywebsite.com/one-two-three

rewrite to

index.php?name=bobs-big-boy
index.php?name=tom--jerry
index.php?name=bobs-big-boy

Then in PHP I want to use the $_GET['name'] to match the records

bob's big boy
tom & jerry
one, two, three

Now my query looks like this:

"SELECT * from the_records WHERE name=$NAME";

I can't change the records, because they're business names. Is there a way I can write the query to ignore ampersands, commas and apostrophes in the db?



1 Answer

0 votes
by (71.8m points)

Yes, you can, but I'm pretty sure it will ignore any indexes you have on the column. And it's disgusting.

Something like

SELECT * FROM the_records 
WHERE replace(replace(replace(name, '''', ''), ',', ''), '&', '') = $NAME

By the way, taking a GET variable like that and injecting it into the MySQL query can be ripe for SQL injection, as far as I know.

pg, I know you said you can't change/update the content in the database you're selecting from, but does anything preclude you from making a table in another database you do have write access to? You could just make a map of urlnames to business names and it'd only be slow the first time you do the replace method.
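
The map-table idea and the injection concern from the answer above, combined in an added example that is not part of the original post: the slug is validated, bound as a query parameter, and looked up through an indexed map table instead of nested replace() calls. Assumptions: the table `url_names` and the functions `slugify` and `findBySlug` are hypothetical names, the rows are constructed, names are lowercase as in the question, and an in-memory SQLite database stands in for MySQL so the script runs without a server.

```php
<?php
// Added example: constructed data; url_names, slugify, findBySlug are hypothetical.
// In-memory SQLite stands in for MySQL (assumption) so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// The source table from the question, treated as read-only after seeding.
$pdo->exec('CREATE TABLE the_records (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$ins = $pdo->prepare('INSERT INTO the_records (name) VALUES (?)');
foreach (["bob's big boy", 'tom & jerry', 'one, two, three'] as $n) {
    $ins->execute([$n]);
}

// Same normalisation the URLs use: drop ' , & and turn spaces into hyphens.
function slugify(string $name): string
{
    return str_replace(' ', '-', str_replace(["'", ',', '&'], '', $name));
}

// Map table kept where we have write access; the PRIMARY KEY gives an indexed lookup.
$pdo->exec('CREATE TABLE url_names (slug TEXT PRIMARY KEY, record_id INTEGER NOT NULL)');
$map = $pdo->prepare('INSERT INTO url_names (slug, record_id) VALUES (?, ?)');
$rows = $pdo->query('SELECT id, name FROM the_records')->fetchAll(PDO::FETCH_ASSOC);
foreach ($rows as $row) {
    $map->execute([slugify($row['name']), $row['id']]);
}

// The request value is bound as a parameter, never concatenated into the SQL text.
function findBySlug(PDO $pdo, string $slug): ?array
{
    // Allow-list the slug shape before touching the database.
    if (!preg_match('/\A[a-z0-9-]{1,100}\z/', $slug)) {
        return null;
    }
    $stmt = $pdo->prepare(
        'SELECT r.id, r.name FROM url_names m
           JOIN the_records r ON r.id = m.record_id
          WHERE m.slug = :slug'
    );
    $stmt->execute([':slug' => $slug]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs: three valid slugs and one injection-style string.
foreach (['bobs-big-boy', 'tom--jerry', 'one-two-three', "x' OR '1'='1"] as $in) {
    $hit = findBySlug($pdo, $in);
    echo $in, ' => ', $hit === null ? 'no match' : $hit['name'], PHP_EOL;
}
```

In a real handler the value passed to `findBySlug` would be `$_GET['name']`, and the map table would be refreshed whenever business names are added or changed.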

