Hello all,

The query from the URL is

    article.php?title=~!@#$%^&*()_+`-={}|[]\:";'<>?,./&category=somecategory

so title = ~!@#$%^&*()_+`-={}|[]\:";'<>?,./ and category = somecategory

But I am getting an error in the MySQL query

    "SELECT * FROM articles WHERE title = '$title' AND category = '$category'";

I have used urlencode and urldecode too, but I am getting errors at single and double quotes in the where clause. How do I solve this error?

Try using mysql_real_escape - http://php.net/manual/en/function.mysql-real-escape-string.php. See if you continue to get errors using it. Most likely the special characters, specifically the ' % ", are actually changing the query. This is the basis of SQL injection; in this case it's not malicious, just causing a broken query. Always use mysql_real_escape on non-hard-coded input to a database.
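
Added example, not part of the original thread: the title from the question carried through URL encoding and into the query, first concatenated as in the question and then with bound parameters. It uses PDO prepared statements rather than the mysql_* escaping function named above (that extension was removed in PHP 7.0), and an in-memory SQLite database stands in for the poster's MySQL server as an assumption so the script runs offline.

```php
<?php
// Added example, not from the thread. SQLite in memory replaces MySQL here
// (assumption); the table layout is constructed for the demonstration.
$title    = '~!@#$%^&*()_+`-={}|[]\\:";\'<>?,./';   // the title from the question
$category = 'somecategory';

// 1. Link side: '#', '&', '%' and '+' have meaning inside a URL, so the value
//    must be encoded when the link is built. PHP decodes $_GET on its own;
//    calling urldecode() again on the receiving side can corrupt '+' and '%'.
$query = http_build_query(['title' => $title, 'category' => $category]);
parse_str($query, $get);                 // what article.php would see in $_GET
var_dump($get['title'] === $title);      // round trip is lossless

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, category TEXT)');
$ins = $db->prepare('INSERT INTO articles (title, category) VALUES (?, ?)');
$ins->execute([$title, $category]);

// 2. The query from the question: the quote inside the title closes the
//    string literal early and the remainder is parsed as SQL.
try {
    $db->query("SELECT * FROM articles WHERE title = '$get[title]' AND category = '$get[category]'");
    echo "concatenated query ran\n";
} catch (PDOException $e) {
    echo "concatenated query failed: ", $e->getMessage(), "\n";
}

// 3. Bound parameters: the values travel separately from the SQL text, so
//    no character in them can change the statement.
$stmt = $db->prepare('SELECT id, title FROM articles WHERE title = :title AND category = :category');
$stmt->execute([':title' => $get['title'], ':category' => $get['category']]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
var_dump($row !== false && $row['title'] === $title);   // row found intact
```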