If the \
is literally inside the text in the db record, then you need
$sql = "SELECT .... name='foo\\bar'";
^^---double escaped
The first \
will be stripped off by the DB's sql parser. Then the remaining foo\bar
will be used for the field searches.
comment followup: You're not understanding the purpose of escaping:
$name = "Miles O'Brien";
$sql = "SELECT * FROM yourtable WHERE name='" . $db->real_escape_string($name) . "';";
This will produce:
SELECT * FROM yourtable WHERE name='Miles O\'Brien';
and that's what literally gets send to the DB engine. When the SQL parser gets hold of it, that first \
escape is removed, and the DB will be looking for Miles O'Brien
in the name
field - note that the backslash is no longer there.
Since your DB record literally is contains Miles O\'Brien
, WITH the \
embedded in the record, you need to double escape, so the query becomes:
SELECT * FROM yourtable WHERE name='Miles O\\'Brien';
Same thing happens: The SQL parser removes the first layer of escaping, and the DB will now be searching for Miles O\'Brien
.