Monkuar Posted June 28, 2009

```php
for ($a=0;$a<$num;$a++) {
    $DB->query("INSERT INTO ibf_itemshop_inventory(productid,memberid,paid) VALUES(
        '". mysql_real_escape_string($product["productid"]) ."','". mysql_real_escape_string($ibforums->member["id"]) .",'". mysql_real_escape_string($product["price"]) ."')");
}
```

I'm using mysql real escape against hackers, but it's giving me an error:

```
mySQL query error: INSERT INTO ibf_itemshop_inventory(productid,memberid,paid) VALUES(
'10','1,'0')
mySQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '0')' at line 1
mySQL error code:
Date: Sunday 28th 2009f June 2009 07:29:54 AM
```

RichardRotterdam Posted June 28, 2009

Just looking at the following query in your error, it seems you forgot a single quote:

```sql
INSERT INTO ibf_itemshop_inventory(productid,memberid,paid) VALUES( '10','1','0')
```

And btw, if the IDs are only supposed to be numbers/integers, you're better off checking if those values are indeed numbers/integers instead of using mysql_real_escape_string.

Monkuar (Author) Posted June 28, 2009

Is that a security risk? I use this for each variable, good enough?

```php
$id = $ibforums->input["id"];
$num = $ibforums->input["num"];

if (isset($id)){
    if (is_numeric($id)) {
    } else {
        die("Your ip has been saved in the Database and will be reported to your ISP.");
    }
}

if (isset($num)){
    if (is_numeric($num)) {
    } else {
        die("Your ip has been saved in the Database and will be reported to your ISP.");
    }
}
```

My code is from 2002 but I enhance it a little each time.

wildteen88 Posted June 28, 2009

Having empty if statements is pointless. You're better off doing

```php
if (isset($ibforums->input["id"], $ibforums->input["num"]))
{
    // Reject the request if either value is non-numeric (|| rather than &&,
    // otherwise one numeric value lets the other through unchecked).
    if (!is_numeric($ibforums->input["id"]) || !is_numeric($ibforums->input["num"]))
    {
        die("Your ip has been saved in the Database and will be reported to your ISP.");
    }

    $id = $ibforums->input["id"];
    $num = $ibforums->input["num"];
}
```
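
An added example, not part of the original thread: the integer check RichardRotterdam suggests, combined with a parameterized INSERT into the table from the first post. It assumes PDO with an in-memory SQLite database in place of the forum's $DB wrapper; require_int() and add_purchases() are hypothetical names, and the sample inputs, member id and price are constructed.

```php
<?php
// Added example. Assumptions: PDO + in-memory SQLite stand in for the forum's
// $DB wrapper; require_int() and add_purchases() are hypothetical helpers.

function require_int($value, int $min, int $max): int
{
    // FILTER_VALIDATE_INT rejects "1e3", "1.5" and "0x1A"; is_numeric()
    // accepts the first two (and hex strings before PHP 7).
    $int = filter_var($value, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    if ($int === false) {
        throw new InvalidArgumentException('expected an integer');
    }
    return $int;
}

function add_purchases(PDO $db, int $productId, int $memberId, int $price, int $num): void
{
    // Placeholders keep values out of the SQL text, so there are no quotes
    // to forget and nothing to escape.
    $stmt = $db->prepare(
        'INSERT INTO ibf_itemshop_inventory (productid, memberid, paid)
         VALUES (:productid, :memberid, :paid)');
    for ($a = 0; $a < $num; $a++) {
        $stmt->execute([':productid' => $productId,
                        ':memberid'  => $memberId,
                        ':paid'      => $price]);
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ibf_itemshop_inventory (productid INTEGER, memberid INTEGER, paid INTEGER)');

// Constructed sample input, shaped like $ibforums->input.
$samples = [['id' => '10', 'num' => '2'], ['id' => '1e3', 'num' => '1'],
            ['id' => "10' OR '1'='1", 'num' => '1']];
foreach ($samples as $input) {
    try {
        $id  = require_int($input['id'], 1, PHP_INT_MAX);
        $num = require_int($input['num'], 1, 100);
        add_purchases($db, $id, 1, 0, $num); // member id 1, price 0: constructed
        echo "accepted id={$id} num={$num}\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected id=' . var_export($input['id'], true) . "\n";
    }
}
```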

GingerRobot Posted June 28, 2009

Learn something new every day. I didn't know isset() could take a variable number of arguments.