Jump to content

Archived

This topic is now archived and is closed to further replies.

Gruzin

Simple question or not...

Recommended Posts

hi everybody,
I've got a little problem, when I'am trying to write something like this: [color=red]Let's Go[/color], mysql says: [color=green]Error:You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 's','80.241.240.89')' at line 4[/color]

P.S in other ways it works correctly.

here is the code, hope u guys can help me, thanks a lot.

<?php
require("../ban/ban.php"); //check if the address is banned
$text = nl2br(stripslashes($_POST['The_Textarea'])); // text inputed in form
$userip = $_SERVER['REMOTE_ADDR']; // get user ip and store it in db

$con = mysql_connect("localhost","3d","pass");
if(!$con)
{
  die('Couldn"t connect'.mysql_error());
}
mysql_select_db("3d",$con);
$insert = "INSERT INTO func_auction
(user,mes,ip)
VALUES
('$_POST[user]','$text','$userip')"; 
if(!mysql_query($insert,$con))
{
  die('Error:'.mysql_error());
}
header( 'Location: http://www.3d.caucasus.net/auction.php' ) ;
mysql_close($con);
?>

Share this post


Link to post
Share on other sites
You need to use mysql_real_escape_string, or add_slashes, on your variable ($text apparently).

You are getting the error because the single quote, which is used to denote the start and end of strings in SQL, is not being escaped in the input text.

Share this post


Link to post
Share on other sites
That's because you strip the the slashes from the $text variable. It needs to be "Let\'s go" when you put it in the query

Share this post


Link to post
Share on other sites
you mean this?

[color=red]$userip = nl2br(stripslashes($_SERVER['REMOTE_ADDR']));[/color]

I've tryed but...It doesn't work. any ideas?

Share this post


Link to post
Share on other sites
[quote]$text = nl2br(stripslashes($_POST['The_Textarea'])); // text inputed in form[/quote]

Share this post


Link to post
Share on other sites
[quote author=Barand link=topic=104103.msg415096#msg415096 date=1155496817]
[quote]$text = nl2br(stripslashes($_POST['The_Textarea'])); // text inputed in form[/quote]


[/quote]
umm... nothing wrong with that script, I've got a problem with:
[color=red]$userip = $_SERVER['REMOTE_ADDR']; [/color] // get user ip and store it in db

becouse of that I get this error...

Share this post


Link to post
Share on other sites
[quote author=Barand link=topic=104103.msg415096#msg415096 date=1155496817]
[quote]$text = nl2br(stripslashes($_POST['The_Textarea'])); // text inputed in form[/quote]


[/quote]
OK Barand you are right, thanks a lot:)

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.