You don't need to escape HTML characters. In fact, doing that will give you incorrect results because the escaped string will never match. HTML escaping will convert HTML special chars (< > & " ') into entities, but what you want is to add backslashes to the characters that are illegal in the query.
So, I think you just need to use addslashes:

$this->Classified->findCount("Classified.text = '" . addslashes($ad->text) . "' AND Classified.editions = '$ad->editions'");

On Feb 27, 10:03 pm, "Christopher E. Franklin, Sr." <[EMAIL PROTECTED]> wrote:
> Hrmm, I seem to have fixed it.
>
> The first time I tried this code, before I posted, it didn't work but,
> now it does. Maybe I had a typo. /shrug
>
> Here is what I changed:
> [...]
> $this->xmlID = $this->Classified->getNumRows();
> ++$this->xmlID;
> [...]
> $this->matchResult = $this->Classified->findCount("text = '".$this->MrClean->sql($this->MrClean->html($ad->text))."' AND editions = '".$ad->editions."'");
> [...]
> $this->data['Classified']['text'] = $this->MrClean->sql($this->MrClean->html($ad->text));
>
> [...]
>
> My conclusion is that the sanitize->sql() really doesn't help if you
> have any HTML characters in your text.
> So, I convert the special characters using html() and then escape with
> sql().
> I do the same thing on insert so, when I match the text, it should
> compare exactly. There are a few snags. Some ads get by but, I can live
> with it. I will just use strip slashes and html_special_chars
> functions to convert the text back to my original HTML formatted.
>
> Sorry for the bother and long posts
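
The mismatch discussed in this thread, as an added example that is not part of the original messages or of CakePHP's code: the ad text is stored raw and looked up through bound parameters (used here in place of addslashes or MrClean->sql()), and HTML escaping is applied only when the text is printed. It assumes PHP with the PDO SQLite driver; the `classifieds` table, the `countMatches()` helper and the sample ad are constructed for the illustration.

```php
<?php
// Added illustration: table, columns, helper and sample ad are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE classifieds (id INTEGER PRIMARY KEY, text TEXT, editions TEXT)');

// Constructed ad text containing HTML special characters and a single quote.
$adText   = "<b>Bob's Bikes</b> & more";
$editions = 'daily';

// Store the raw text. Bound parameters keep the quote from ending the SQL literal.
$insert = $db->prepare('INSERT INTO classifieds (text, editions) VALUES (:text, :editions)');
$insert->execute([':text' => $adText, ':editions' => $editions]);

// Count rows whose text and editions equal the given values exactly.
function countMatches(PDO $db, string $text, string $editions): int
{
    $stmt = $db->prepare(
        'SELECT COUNT(*) FROM classifieds WHERE text = :text AND editions = :editions'
    );
    $stmt->execute([':text' => $text, ':editions' => $editions]);
    return (int) $stmt->fetchColumn();
}

// Raw value compared with the raw stored value: the duplicate check finds the row.
$rawMatches = countMatches($db, $adText, $editions);

// HTML-escaped value compared with the raw stored value: the strings differ
// (&lt;b&gt;Bob&#039;s ... versus <b>Bob's ...), so the check finds nothing.
$escaped        = htmlspecialchars($adText, ENT_QUOTES, 'UTF-8');
$escapedMatches = countMatches($db, $escaped, $editions);

echo "raw lookup matches: $rawMatches\n";
echo "html-escaped lookup matches: $escapedMatches\n";

// HTML escaping belongs at output time, when the text is placed into a page.
echo 'safe for HTML output: ', $escaped, "\n";
```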