I'm a newbie in Ruby on Rails. I have a search textbox, and every time I type an apostrophe (') e.g. testing' word ..... I always receive an error:

Mysql2::Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's  word%' OR english_name LIKE '%testing's  word%' OR chinese_name LIKE '%testin' at line 1: SELECT COUNT(DISTINCT `jos_store`.`id`) FROM `jos_store` LEFT OUTER JOIN (SELECT id as store_replenishment, store, MAX(stock_movement) AS stock_movement FROM jos_store_replenishment GROUP BY store) AS replenishment ON replenishment.store = jos_store.id LEFT OUTER JOIN jos_stock_movement ON jos_stock_movement.id = replenishment.stock_movement WHERE (store_id LIKE '%testing's  word%' OR english_name LIKE '%testing's  word%' OR chinese_name LIKE '%testing's  word%')

Can you help me with my problem?

  • Could you post the code where you create/generate the SQL request? Commented Jul 13, 2012 at 8:46
  • You should briefly explain your problem to get right solution. Like include your code etc. Commented Jul 13, 2012 at 9:05
  • I have this error when I navigate to rails admin and try to edit one of my users. Do you have any ideas? Commented Sep 5, 2017 at 10:32

1 Answer

Try escaping your apostrophe, e.g. english_name LIKE '%testing\'s word%'

If you're using '%PHRASE%' and there's another ' inside %PHRASE%, it thinks you've ended the LIKE clause and gives you an error. If you escape with the escape character, e.g. \', it should work. So with your error phrase, something like:

<snip /> WHERE (store_id LIKE '%testing\'s  word%' OR english_name LIKE '%testing\'s  word%' OR chinese_name LIKE '%testing\'s  word%')    

Notice I've used '%testing\'s word%' to ensure it doesn't think the second apostrophe ends the LIKE clause.

2 Comments

How do I put it here in my query? Please help me, it gives me a headache. Here's my query: search_query = "AND jos_product.product_code LIKE '%#{ search_val }%' OR jos_product.name LIKE '%#{ search_val }%' OR pc.name LIKE '%#{ search_val }%'"
Okay, so you'll need to make sure that search_val has escaped quotes in it, so something like: search_val = search_val.gsub("'", "\\\\'") . Note you should put this BEFORE you use the variable in your search string.
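
An alternative to escaping by hand, as an added example that is not part of the original thread: pass the search term as a bind value so the SQL text never contains user input, which removes both the syntax error and the SQL injection risk of the interpolated string. The column names are taken from the query in the comment above; the helper names, the `Product` model and `params[:q]` are assumptions.

```ruby
# Added example, not code from the thread. Helper names are hypothetical;
# column names come from the query posted in the comments.

SEARCH_COLUMNS = %w[jos_product.product_code jos_product.name pc.name].freeze

# Escape LIKE metacharacters (\ % _) so the input is matched literally.
# This mirrors what ActiveRecord's sanitize_sql_like does by default.
def escape_like(value)
  value.gsub(/[\\%_]/) { |ch| "\\" + ch }
end

# Returns [sql_fragment, bind, bind, bind]. The fragment holds only "?"
# placeholders; ActiveRecord quotes each bind value for the database.
# The OR group is parenthesised so a preceding AND applies to all of it.
def search_conditions(search_val)
  pattern = "%#{escape_like(search_val)}%"
  clause  = SEARCH_COLUMNS.map { |col| "#{col} LIKE ?" }.join(" OR ")
  ["(#{clause})", *Array.new(SEARCH_COLUMNS.size, pattern)]
end

# The string-interpolated form from the thread, kept only for comparison:
# an apostrophe in the input ends the SQL string literal early.
def interpolated_conditions(search_val)
  SEARCH_COLUMNS.map { |col| "#{col} LIKE '%#{search_val}%'" }.join(" OR ")
end

if __FILE__ == $PROGRAM_NAME
  input = "testing's  word" # constructed sample input
  puts interpolated_conditions(input) # unbalanced quotes: the reported error
  p search_conditions(input)          # constant SQL, value travels as a bind
  # In Rails (Product and params[:q] are assumed names):
  #   Product.where(search_conditions(params[:q]))
end
```
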
