Jump to content

[SOLVED] MySQL Syntax Error

twilitegxa

By twilitegxa
in PHP Coding Help

 Share

Recommended Posts

twilitegxa Advanced Member

twilitegxa

Posted
Posted

I can't figure out what my error is saying:

 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's Post', now(), 'brianna@aol.com')' at line 1

 

What is my error?

 

Here is my script for adding a topic:

 

<?php
//check for required fields from the form
if ((!$_POST['topic_owner']) || (!$_POST['topic_title'])
|| (!$_POST['post_text'])) {
header("Location: addtopic.html");
exit;
}

//connect to server and select database
$conn = mysql_connect("localhost", "root", "")
or die(mysql_error());
mysql_select_db("smrpg",$conn) or die(mysql_error());

//create and issue the first query
$add_topic = "insert into forum_topics values ('$_POST[topic_title]', 
now(), '$_POST[topic_owner]')";
mysql_query($add_topic,$conn) or die(mysql_error());

$topic_title = $_POST['topic_title'];

//get the id of the last query
$topic_id = mysql_insert_id();

//create and issue the second query
$add_post = "insert into forum_posts values ('', '$topic_id', 
'$_POST[post_text]', now(), '$_POST[topic_owner]')";
mysql_query($add_post,$conn) or die(mysql_error());

//create nice message for user
$msg = "<P>The <strong>$topic_title</strong> topic has been created.</P>";
?>
<html>
<head>
<title>New Topic Added</title>
</head>
<body>
<h1>New Topic Added</h1>
<?php print $msg; ?>
<p>Back to the <a href="topiclist.php">display</a></p>
</body>
</html>

Link to comment
Share on other sites
scott.stephan Member

scott.stephan

Posted
Posted

SQL has a problem with the " ' " character, the apostrophe. Use

 

function clean($str) {
	$str = @trim($str);
	if(get_magic_quotes_gpc()) {
		$str = stripslashes($str);
	}
	return mysql_real_escape_string($str);
}

 

Which is NOT mine, yanked from a tutorial somewhere. But it works just dandy.

Link to comment
Share on other sites
rhodesa Newbie

rhodesa

Posted
Posted

just use mysql_real_escape_string()...don't worry about that function:

$add_post = "insert into forum_posts values ('', '$topic_id','".mysql_real_escape_string($_POST['post_text'])."', now(), '".mysql_real_escape_string($_POST['topic_owner']."')";

Link to comment
Share on other sites
rhodesa Newbie

rhodesa

Posted
Posted

until someone goes and enters text with an apostrophe again!

 

you should use mysql_real_escape_string() on ANY variables that you don't know the value of. really you should just use it on all variables since it doesn't hurt the query

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.