i have a delete.php script, which successfully deletes rows from a mysql DB.
i am having trouble getting it to properly escape the ’ from a name, which is needed, because the delete is using the exact name to locate the item
//------------------------ begin
$project=$_GET[‘chosen’];
include(‘header.inc’);
include(‘inc.config.php’);
mysql_connect($dbhost, $dbuser, $dbpasswd);
@mysql_select_db($dbname) or die( “Unable to select database”);
$query=“DELETE FROM menu_table WHERE menuname=’$project’”;
mysql_query($query);
mysql_close();
echo “Project Deleted”;
?>
////------------------------ end
I know i need to use str_replace or something like that, and we are using it elsewhere. but in this case, its just not working right.
can someone correct this for me?
