Hi Guys,

I have a SQL query that is not working when I enter a value with single quotes. The query is listed below:

$sql_check = "SELECT * FROM venue WHERE name = '$restaurant_name' AND address = '$address' AND city = '$city' AND country = '$country' AND postcode LIKE '%$postcode%'";

SELECT * FROM venue WHERE name = 'Inn The Park Restaurant' AND address LIKE '%St James's Park, Westminster%' AND city = 'London' AND country = 'United Kingdom' AND postcode LIKE '%W86TA%'

I carry out the following functions on the user input:

$address = $_POST['address'];
$address = filter_var($address, FILTER_SANITIZE_STRIPPED);
$address = mysql_real_escape_string($address);

Any help why I get an error or any other function I need to run on the user input?

Cheers - Zahid


Any help why I get an error

Only if you post the error so we would have a clue about the point where the problem is being detected.

And the raw query that you posted does not have the same syntax for the address as the populated query, so we are somewhat unsure as to what your code really is.

The query is

SELECT * FROM venue WHERE name = 'Inn The Park Restaurant' AND address = 'St James's Park, Westminster' AND city = 'London' AND country = 'United Kingdom' AND postcode LIKE '%W86TA%'

and

SELECT * FROM venue WHERE name = '$restaurant_name' AND address = '$address' AND city = '$city' AND country = '$country' AND postcode LIKE '%$postcode%'

I get the error of

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's Park, Westminster' AND city = 'London' AND country = 'United Kingdom' AND post'"

Do let me know if you need more info.

You need to escape the single apostrophe with a backslash like so:

St James\'s Park

which makes the query:

SELECT * FROM venue WHERE name = 'Inn The Park Restaurant' AND address = 'St James\'s Park, Westminster' AND city = 'London' AND country = 'United Kingdom' AND postcode LIKE '%W86TA%'

Notice the backslash

Cannot really help you without seeing the code responsible for the symptoms -

You need to use mysql_real_escape_string() on each piece of string data put into the query. Your actual code is not doing that or your actual code is removing the escape characters after they have been added.
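
The failure and a fix for the query discussed in this thread, as an added example that is not part of any post: it swaps mysql_real_escape_string() for bound parameters through PDO. It assumes an in-memory SQLite database in place of the thread's MySQL server so that it runs offline, and the table row is constructed from the values quoted above.

```php
<?php
// Added example, not code from the thread. Assumption: an in-memory SQLite
// database via PDO stands in for the MySQL server so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed table and row, using the values quoted in the thread.
$pdo->exec('CREATE TABLE venue
    (name TEXT, address TEXT, city TEXT, country TEXT, postcode TEXT)');
$input = [ // stands in for the $_POST fields
    'name'     => 'Inn The Park Restaurant',
    'address'  => "St James's Park, Westminster",
    'city'     => 'London',
    'country'  => 'United Kingdom',
    'postcode' => 'W86TA',
];
$pdo->prepare('INSERT INTO venue VALUES (?, ?, ?, ?, ?)')
    ->execute(array_values($input));

// 1) Raw interpolation: the apostrophe closes the string literal early and
//    the rest of the address is parsed as SQL, hence the syntax error.
try {
    $pdo->query("SELECT * FROM venue WHERE address = '{$input['address']}'");
    echo "interpolated query ran\n";
} catch (PDOException $e) {
    echo "interpolated query failed: {$e->getMessage()}\n";
}

// 2) Bound parameters: the statement text is fixed and every value travels
//    separately as data, so no escaping step can be skipped or undone.
$stmt = $pdo->prepare(
    'SELECT * FROM venue WHERE name = :name AND address = :address
        AND city = :city AND country = :country AND postcode LIKE :postcode'
);
$stmt->execute([
    ':name'     => $input['name'],
    ':address'  => $input['address'],
    ':city'     => $input['city'],
    ':country'  => $input['country'],
    ':postcode' => '%' . $input['postcode'] . '%', // wildcards added here
]);
echo count($stmt->fetchAll(PDO::FETCH_ASSOC)), " row(s) matched\n";
```

The mysql_* functions used in the thread were removed in PHP 7; both mysqli and PDO provide prepared statements for MySQL.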


Thanks a lot. I could not copy and paste the full code here due to copyright. But I have solved the problem. Cheers