twilitegxa Posted July 16, 2009 Share Posted July 16, 2009 I can't figure out what my error is saying: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's Post', now(), 'brianna@aol.com')' at line 1 What is my error? Here is my script for adding a topic: <?php //check for required fields from the form if ((!$_POST['topic_owner']) || (!$_POST['topic_title']) || (!$_POST['post_text'])) { header("Location: addtopic.html"); exit; } //connect to server and select database $conn = mysql_connect("localhost", "root", "") or die(mysql_error()); mysql_select_db("smrpg",$conn) or die(mysql_error()); //create and issue the first query $add_topic = "insert into forum_topics values ('$_POST[topic_title]', now(), '$_POST[topic_owner]')"; mysql_query($add_topic,$conn) or die(mysql_error()); $topic_title = $_POST['topic_title']; //get the id of the last query $topic_id = mysql_insert_id(); //create and issue the second query $add_post = "insert into forum_posts values ('', '$topic_id', '$_POST[post_text]', now(), '$_POST[topic_owner]')"; mysql_query($add_post,$conn) or die(mysql_error()); //create nice message for user $msg = "<P>The <strong>$topic_title</strong> topic has been created.</P>"; ?> <html> <head> <title>New Topic Added</title> </head> <body> <h1>New Topic Added</h1> <?php print $msg; ?> <p>Back to the <a href="topiclist.php">display</a></p> </body> </html> Quote Link to comment https://forums.phpfreaks.com/topic/166249-solved-mysql-syntax-error/ Share on other sites More sharing options...
Maq Posted July 16, 2009 Share Posted July 16, 2009 Echo out your query and see what's being passed. You need to escape and sanitize your data as well. Quote Link to comment https://forums.phpfreaks.com/topic/166249-solved-mysql-syntax-error/#findComment-876712 Share on other sites More sharing options...
scott.stephan Posted July 16, 2009 Share Posted July 16, 2009 SQL has a problem with the " ' " character, the apostrophe. Use function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } Which is NOT mine, yanked from a tutorial somewhere. But it works just dandy. Quote Link to comment https://forums.phpfreaks.com/topic/166249-solved-mysql-syntax-error/#findComment-876713 Share on other sites More sharing options...
rhodesa Posted July 16, 2009 Share Posted July 16, 2009 just use mysql_real_escape_string()...don't worry about that function: $add_post = "insert into forum_posts values ('', '$topic_id','".mysql_real_escape_string($_POST['post_text'])."', now(), '".mysql_real_escape_string($_POST['topic_owner']."')"; Quote Link to comment https://forums.phpfreaks.com/topic/166249-solved-mysql-syntax-error/#findComment-876717 Share on other sites More sharing options...
twilitegxa Posted July 16, 2009 Author Share Posted July 16, 2009 Oh, I see the apostrophe problem. I took it out and now the script works just fine. Thanks! Quote Link to comment https://forums.phpfreaks.com/topic/166249-solved-mysql-syntax-error/#findComment-876721 Share on other sites More sharing options...
rhodesa Posted July 16, 2009 Share Posted July 16, 2009 until someone goes and enters text with an apostrophe again! you should use mysql_real_escape_string() on ANY variables that you don't know the value of. really you should just use it on all variables since it doesn't hurt the query Quote Link to comment https://forums.phpfreaks.com/topic/166249-solved-mysql-syntax-error/#findComment-876726 Share on other sites More sharing options...
twilitegxa Posted July 16, 2009 Author Share Posted July 16, 2009 True, how do I enable the apostrophe? I tried that code with the escape string, but it didn't work. :-( Is the code correct? Quote Link to comment https://forums.phpfreaks.com/topic/166249-solved-mysql-syntax-error/#findComment-876727 Share on other sites More sharing options...
twilitegxa Posted July 16, 2009 Author Share Posted July 16, 2009 It produces an parse error when I add that line: Parse error: parse error in C:\wamp\www\do_addtopic.php on line 25 Quote Link to comment https://forums.phpfreaks.com/topic/166249-solved-mysql-syntax-error/#findComment-876729 Share on other sites More sharing options...
Maq Posted July 16, 2009 Share Posted July 16, 2009 Code? Quote Link to comment https://forums.phpfreaks.com/topic/166249-solved-mysql-syntax-error/#findComment-876730 Share on other sites More sharing options...
rhodesa Posted July 16, 2009 Share Posted July 16, 2009 I missed a parenthesis $add_post = "insert into forum_posts values ('', '$topic_id','".mysql_real_escape_string($_POST['post_text'])."', now(), '".mysql_real_escape_string($_POST['topic_owner'])."')"; Quote Link to comment https://forums.phpfreaks.com/topic/166249-solved-mysql-syntax-error/#findComment-876735 Share on other sites More sharing options...
twilitegxa Posted July 16, 2009 Author Share Posted July 16, 2009 Thank you. That fixed the problem! Quote Link to comment https://forums.phpfreaks.com/topic/166249-solved-mysql-syntax-error/#findComment-876763 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.