I've got a URL path during my SQL query, that is retrieved from the URL variable, like so:
This works fine and has the capacity to query the database and obtain the needed output.
However, after i introduce a us dot, like so:
It does not work, despite the fact that it is incorporated in the database in much the same way.
Are you able to assist me to with this particular? Should i scribe the us dot in some way?
Update: As asked for, the code:
$slug = $_GET['slug']; $result = mysql_query("SELECT * FROM pages WHERE slug='$slug'") or die(mysql_error());
No response to your question, but:
Do not use anything obtained from request parameters straight to construct an SQL statement. You open you to ultimately SQL Injection attack this way. Make use of a prepared statement, or at best escape special figures inside your string with