twilitegxa Posted July 16, 2009 Share Posted July 16, 2009 I can't figure out what my error is saying: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's Post', now(), '[email protected]')' at line 1 What is my error? Here is my script for adding a topic: <?php //check for required fields from the form if ((!$_POST['topic_owner']) || (!$_POST['topic_title']) || (!$_POST['post_text'])) { header("Location: addtopic.html"); exit; } //connect to server and select database $conn = mysql_connect("localhost", "root", "") or die(mysql_error()); mysql_select_db("smrpg",$conn) or die(mysql_error()); //create and issue the first query $add_topic = "insert into forum_topics values ('$_POST[topic_title]', now(), '$_POST[topic_owner]')"; mysql_query($add_topic,$conn) or die(mysql_error()); $topic_title = $_POST['topic_title']; //get the id of the last query $topic_id = mysql_insert_id(); //create and issue the second query $add_post = "insert into forum_posts values ('', '$topic_id', '$_POST[post_text]', now(), '$_POST[topic_owner]')"; mysql_query($add_post,$conn) or die(mysql_error()); //create nice message for user $msg = "<P>The <strong>$topic_title</strong> topic has been created.</P>"; ?> <html> <head> <title>New Topic Added</title> </head> <body> <h1>New Topic Added</h1> <?php print $msg; ?> <p>Back to the <a href="topiclist.php">display</a></p> </body> </html> Link to comment https://forums.phpfreaks.com/topic/166249-solved-mysql-syntax-error/ Share on other sites More sharing options...
Maq Posted July 16, 2009 Share Posted July 16, 2009 Echo out your query and see what's being passed. You need to escape and sanitize your data as well. Link to comment https://forums.phpfreaks.com/topic/166249-solved-mysql-syntax-error/#findComment-876712 Share on other sites More sharing options...
scott.stephan Posted July 16, 2009 Share Posted July 16, 2009 SQL has a problem with the " ' " character, the apostrophe. Use function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } Which is NOT mine, yanked from a tutorial somewhere. But it works just dandy. Link to comment https://forums.phpfreaks.com/topic/166249-solved-mysql-syntax-error/#findComment-876713 Share on other sites More sharing options...
rhodesa Posted July 16, 2009 Share Posted July 16, 2009 just use mysql_real_escape_string()...don't worry about that function: $add_post = "insert into forum_posts values ('', '$topic_id','".mysql_real_escape_string($_POST['post_text'])."', now(), '".mysql_real_escape_string($_POST['topic_owner']."')"; Link to comment https://forums.phpfreaks.com/topic/166249-solved-mysql-syntax-error/#findComment-876717 Share on other sites More sharing options...
twilitegxa Posted July 16, 2009 Author Share Posted July 16, 2009 Oh, I see the apostrophe problem. I took it out and now the script works just fine. Thanks! Link to comment https://forums.phpfreaks.com/topic/166249-solved-mysql-syntax-error/#findComment-876721 Share on other sites More sharing options...
rhodesa Posted July 16, 2009 Share Posted July 16, 2009 until someone goes and enters text with an apostrophe again! you should use mysql_real_escape_string() on ANY variables that you don't know the value of. really you should just use it on all variables since it doesn't hurt the query Link to comment https://forums.phpfreaks.com/topic/166249-solved-mysql-syntax-error/#findComment-876726 Share on other sites More sharing options...
twilitegxa Posted July 16, 2009 Author Share Posted July 16, 2009 True, how do I enable the apostrophe? I tried that code with the escape string, but it didn't work. :-( Is the code correct? Link to comment https://forums.phpfreaks.com/topic/166249-solved-mysql-syntax-error/#findComment-876727 Share on other sites More sharing options...
twilitegxa Posted July 16, 2009 Author Share Posted July 16, 2009 It produces an parse error when I add that line: Parse error: parse error in C:\wamp\www\do_addtopic.php on line 25 Link to comment https://forums.phpfreaks.com/topic/166249-solved-mysql-syntax-error/#findComment-876729 Share on other sites More sharing options...
Maq Posted July 16, 2009 Share Posted July 16, 2009 Code? Link to comment https://forums.phpfreaks.com/topic/166249-solved-mysql-syntax-error/#findComment-876730 Share on other sites More sharing options...
rhodesa Posted July 16, 2009 Share Posted July 16, 2009 I missed a parenthesis $add_post = "insert into forum_posts values ('', '$topic_id','".mysql_real_escape_string($_POST['post_text'])."', now(), '".mysql_real_escape_string($_POST['topic_owner'])."')"; Link to comment https://forums.phpfreaks.com/topic/166249-solved-mysql-syntax-error/#findComment-876735 Share on other sites More sharing options...
twilitegxa Posted July 16, 2009 Author Share Posted July 16, 2009 Thank you. That fixed the problem! Link to comment https://forums.phpfreaks.com/topic/166249-solved-mysql-syntax-error/#findComment-876763 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.