mysql - How to escape apostrophe in php variable for select query -

i have tried escaping query string , $variable containing apostrophe using mysqli_real_escape_string variable value coming form database. getting following error.

you have error in sql syntax; check manual corresponds mysql server version right syntax use near '\'shamrock rovers%\' , away_team \'st patrick's athletic%\'' @ line 1

the apostrophe not getting escaped quotes around comparison values is.

here query appears in php file:

    $hometeam = filter_input(input_get, 'hometeam', filter_sanitize_string);     $homeplayers = "select * players team_name $hometeam";     $homeplayers = mysqli_real_escape_string($dbc, $homeplayers);     $homeplayersresult = mysqli_query($dbc, $homeplayers); 

and echoed out browser:

    select * players team_name shamrock rovers 

i have tried number of different ways no variation in results feel overlooking simple. in advance.

edit 1

updated code

$hometeam = filter_input(input_get, 'hometeam', filter_sanitize_string);           $hometeam = mysqli_real_escape_string($dbc, $hometeam); echo "<br>".$hometeam."<br>"; $homeplayers = "select * players team_name '$hometeam%'";  $homeplayersresult = mysqli_query($dbc, $homeplayers); 

this script recieves 3 parameters processing script

header("location: ../scorer.php?gameweek=$gameweek&hometeam=$hometeam&awayteam=$awayteam"); 

outputs select * players team_name 'st patrick's athletic%'

edit 2

after entering query in mysql command window nothing happens when submit query once when enter again following err.

like $hometeam"; 

you need quote variable.

like '$hometeam'"; 

or

like '$hometeam%'"; 

since string, per like shamrock rovers

however don't know why you're using

$homeplayers = mysqli_real_escape_string($dbc, $homeplayers);                                                ^^^^^^^^^^^^ 

while escaping query: (?)

$homeplayers = "select * players team_name $hometeam"; ^^^^^^^^^^^^ 

you meant use:

$homeplayers = mysqli_real_escape_string($dbc, $hometeam); 

---

• consider using parametrized queries such mysqli prepared statements, or pdo prepared statements instead.

---

edit: (test)

this used query test table of mine, being "users".

<?php  $db_host = 'xxx'; $db_user = 'xxx'; $db_pass = 'xxx'; $db_name = 'xxx';  $link = new mysqli($db_host, $db_user, $db_pass, $db_name); if($link->connect_errno > 0) {   die('connection failed [' . $link->connect_error . ']'); }  $_get['hometeam'] = "st patrick's athletic";  $username = $_get['hometeam'];  $hometeam = filter_input(input_get, 'hometeam', filter_sanitize_string); $homeplayers = mysqli_real_escape_string($link, $hometeam); $homeplayers = "select * users username '$hometeam%'"; $homeplayersresult = mysqli_query($link, $homeplayers);  echo "names found like: " . $username;  echo "<br>";   while($row = mysqli_fetch_array($homeplayersresult)){  echo $row['username'];  echo "<br>";  echo "<a href=\"{$row['my_row']}\">".$row['my_row']."</a>";  echo "<br>";  } 

• plus, make sure column indeed varchar , length long enough , input "text type".

sidenote:

you don't need break query:

$hometeam = filter_input(input_get, 'hometeam', filter_sanitize_string); 

since you're using mysqli_real_escape_string() sanitize input.

something we've discussed during our chat resolved, yet did mention above before chatting solution after all.