stublackett Posted July 29, 2008 Share Posted July 29, 2008 Hi, I'm trying an Update on an Directory Item I have created, The insertion needed to use "mysql_real_escape_string" to make sure that the apostrophes etc were inserted without any errors. How do I incorporate similar to Updating the Database Table? The error is You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's organisation in the UK. It exists to educate women to enable t and my PHP / MySQL Code is as follows : <?php //Collect New Post Vars $title = $_POST['title']; $address = $_POST['address']; $postcode = $_POST['postcode']; $telephone = $_POST['telephone']; $email = $_POST['email']; $website = $_POST['website']; $info = $_POST['info']; $category = $_POST['category']; $id = $_GET['id']; if(isset($_POST['submit'])) { // Set global variables to easier names // and prevent sql injection and apostrophe to break the db. $sql = ("UPDATE directory SET title='$title', address ='$address', postcode ='$postcode', telephone='$telephone', email='$email', website='$website', info='$info', category='$category' WHERE id='$_GET[id]'"); $result = mysql_query($sql) or die (mysql_error()); echo "Thank you! News has modified on the site!<br>You'll be redirected to the content management page in (5) Seconds"; echo "<br><br>"; echo "<meta http-equiv=Refresh content=5;url=index.html>"; } ?> How do I incorporate mysql_real_escape_string or similar so that it includes apostrophes in my Database when I update it ??? Quote Link to comment Share on other sites More sharing options...
Barand Posted July 29, 2008 Share Posted July 29, 2008 The insertion needed to use "mysql_real_escape_string" to make sure that the apostrophes etc were inserted without any errors. How do I incorporate similar to Updating the Database Table? How did you you do it for the inserts? Quote Link to comment Share on other sites More sharing options...
stublackett Posted July 29, 2008 Author Share Posted July 29, 2008 The add is as follows Note PHP Code aswell : <?php // create flag(s) for validation errors - $errors = array(); // an array is generally used for this, where the index name would relate each error element to the field it corresponds to (should you want to individually output errors next to the field) // check if the form has been submitted if(isset($_POST['submit'])) { //Collect Form Vars $title = $_POST['title']; $description = $_POST['description']; $category = $_POST['category']; $address = $_POST['address']; $postcode = $_POST['postcode']; $telephone = $_POST['telephone']; $email = $_POST['email']; $website = $_POST['website']; $info = $_POST['info']; $info = addslashes($info); $img1 = $_FILES['image1']['name']; $img2 = $_FILES['image2']['name']; //Set Images Upload Directory $uploaddir = "../directoryimages"; //Check Forms' Post Vars if (!empty($_POST['title'])) { $title = $_POST['title']; }else{ $title = NULL; $errors['title'] = '<p><font color="red">You need to enter a title for this item</font></p>'; } if (!empty($_POST['address'])) { $address = $_POST['address']; }else{ $address = NULL; $errors['address'] = '<p><font color="red">You need to enter an address for the directory</font></p>'; } if (!empty($_POST['postcode'])) { $postcode = $_POST['postcode']; }else{ $postcode = NULL; $errors['postcode'] = '<p><font color="red">You need to enter an postcode for the directory</font></p>'; } if (!empty($_POST['telephone'])) { $telephone = $_POST['telephone']; }else{ $telephone = NULL; $errors['telephone'] = '<p><font color="red">You need to enter an telephone number for this directory item</font></p>'; } if (!empty($_POST['info'])) { $info = mysql_real_escape_string($info); }else{ $info = NULL; $errors['info'] = '<p><font color="red">You need to enter info for this directory item</font></p>'; } //Handle the Image // Upload Part if(is_uploaded_file($_FILES['image1']['tmp_name'])) { move_uploaded_file($_FILES['image1']['tmp_name'],$uploaddir.'/'.$_FILES['image1']['name']); } $img1 = $uploaddir."/".$img1; if(is_uploaded_file($_FILES['image2']['tmp_name'])) { move_uploaded_file($_FILES['image2']['tmp_name'],$uploaddir.'/'.$_FILES['image2']['name']); } $img2 = $uploaddir."/".$img2; // If everything is filled out print the message. if(empty($errors)) { // If all is ok, Insert into DB $sql = "INSERT INTO $db_table2(title, category, address, postcode, telephone, email, website, info, image1, image2) values ('$title','$category','$address','$postcode','$telephone','$email','$website','$info','$img1','$img2')"; // Incase needed($result = mysql_query($sql ,$db)); ($result = mysql_query($sql ,$db) or die(mysql_error())); echo "Thank you! Directory item has been added to the site!<br>You'll be redirected to the content management page in (5) Seconds"; echo "<br />"; echo "<meta http-equiv=Refresh content=5;url=index.html>"; exit; } } // if the form was not submitted or there were validation errors, display the form - if(!isset($_POST['submit']) || !empty($errors)) { ?> Quote Link to comment Share on other sites More sharing options...
fenway Posted July 31, 2008 Share Posted July 31, 2008 Please echo $sql and post it here. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.