I'm using a php MySQLi class to be more secure that MySQL, but I have a problem.
I have a column of data which contains apostrophes in it. I am comparing the column against a variable that has NO apostrophes, it's a clean string, from my url. In my old code I could easily just do a Replace(category_name, '''', '') in the SQL statement, and apostrophes wouldn't become a factor.
If I throw this into phpmyadmin, it works:
SELECT DISTINCT merchant_category
FROM products
WHERE Replace( category_name, '''', '' ) = 'childrens accessories'
ORDER BY merchant_category
But with MySQLi this is a real problem, as it won't parse them:
$params = array();
$params[0] = "Replace(category_name, '''', '')";
$params[1] = $this->db->escape($this->cleanDBValue(requestQS("cat1")));
//print_r($params);
$rs = $this->db->rawQuery("SELECT DISTINCT merchant_category FROM products WHERE ? = ? ORDER BY merchant_category ", $params);
The data I'm trying to match with the query is:
children's accessories
And I'm not getting any results. How can I get round this?