PHP / MySQL SELECT query using email address mystery

I have a particularly puzzling problem.

I am using PHP to loop through a recordset and then identify if an email address exists in another table.

The code all works fine until it gets to one particular email address and I can't for the life of me see what is wrong.

The email address is marcodambrosio@domain.com. I get the following error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ambro'' at line 1

All other email address are fine.

I echo the query

SELECT * FROM user_details WHERE email='marcodambrosio@domain.com'

and run it in Navicat and it works

PHP Code as follows:

if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

/*Get source data*/
mysql_select_db($database, $link);
$query_clients = "SELECT email FROM clients ORDER BY client_id DESC";
$clients = mysql_query($query_clients, $link) or die(mysql_error());
$row_clients = mysql_fetch_assoc($clients);
$totalRows_clients = mysql_num_rows($clients);

do {
    /*Check table to see if email already exists*/
 $query_check = sprintf("SELECT * FROM user_details WHERE email=%s",GetSQLValueString($row_clients['email'],"text"));
 echo "<br>".$query_check."<br>";
 $check = mysql_query($query_check, $link) or die(mysql_error());
 if (mysql_num_rows($check)==0) {
  $query_insertUse开发者_如何学Crs = sprintf("INSERT INTO users (username, password, userlevel) VALUES (%s, %s, 1)", $username, $password);
  echo $query_insertUsers."<br>";
  //$insertUsers = mysql_query($query_insertUsers, $link) or die(mysql_error());
 }
} while ($row_clients = mysql_fetch_assoc($clients));

mysql_free_result($clients);

As I said - this code WORKS, it is only when trying to query with this one email address that it fails.

---

This looks like the escaping is going wrong somehow: right syntax to use near 'ambro'' seems to indicate that the e-mail might be actually marcod'ambrosio@domain.com. If you do

echo "<br>".$query_check."<br>";

and run that in Navicat, does that have the same error?

---

Run the following query:

SELECT * FROM user_details WHERE email LIKE 'marco%'

I'm willing to bet that what you actually have in the database is marcod'ambrosio@domain.com (note the ' included). This probably happened during some kind of auto-generation of the email addresses.

---

Are you sure that email is inside quotes?