Jump to content


Photo

Simple question or not...


  • Please log in to reply
6 replies to this topic

#1 Gruzin

Gruzin
  • Members
  • PipPipPip
  • Advanced Member
  • 448 posts
  • LocationGeorgia

Posted 13 August 2006 - 07:07 PM

hi everybody,
I've got a little problem, when I'am trying to write something like this: Let's Go, mysql says: Error:You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 's','80.241.240.89')' at line 4

P.S in other ways it works correctly.

here is the code, hope u guys can help me, thanks a lot.

<?php
require("../ban/ban.php"); //check if the address is banned
$text = nl2br(stripslashes($_POST['The_Textarea'])); // text inputed in form
$userip = $_SERVER['REMOTE_ADDR']; // get user ip and store it in db

$con = mysql_connect("localhost","3d","pass");
if(!$con)
{
  die('Couldn"t connect'.mysql_error());
}
mysql_select_db("3d",$con);
$insert = "INSERT INTO func_auction
(user,mes,ip)
VALUES
('$_POST[user]','$text','$userip')"; 
if(!mysql_query($insert,$con))
{
  die('Error:'.mysql_error());
}
header( 'Location: http://www.3d.caucasus.net/auction.php' ) ;
mysql_close($con);
?>
I don't need your script, I'll try to write it myself

#2 hitman6003

hitman6003
  • Members
  • PipPipPip
  • Advanced Member
  • 1,807 posts

Posted 13 August 2006 - 07:13 PM

You need to use mysql_real_escape_string, or add_slashes, on your variable ($text apparently).

You are getting the error because the single quote, which is used to denote the start and end of strings in SQL, is not being escaped in the input text.

#3 Barand

Barand
  • Moderators
  • Sen . ( ile || sei )
  • 18,021 posts

Posted 13 August 2006 - 07:15 PM

That's because you strip the the slashes from the $text variable. It needs to be "Let\'s go" when you put it in the query
If you are still using mysql_ functions, STOP! Use mysqli_ or PDO. The longer you leave it the more you will have to rewrite.

Donations gratefully received






moon.png

|baaGrid| easy data tables - and more
|baaChart| easy line, column and pie charts

#4 Gruzin

Gruzin
  • Members
  • PipPipPip
  • Advanced Member
  • 448 posts
  • LocationGeorgia

Posted 13 August 2006 - 07:17 PM

you mean this?

$userip = nl2br(stripslashes($_SERVER['REMOTE_ADDR']));

I've tryed but...It doesn't work. any ideas?
I don't need your script, I'll try to write it myself

#5 Barand

Barand
  • Moderators
  • Sen . ( ile || sei )
  • 18,021 posts

Posted 13 August 2006 - 07:20 PM

$text = nl2br(stripslashes($_POST['The_Textarea'])); // text inputed in form



If you are still using mysql_ functions, STOP! Use mysqli_ or PDO. The longer you leave it the more you will have to rewrite.

Donations gratefully received






moon.png

|baaGrid| easy data tables - and more
|baaChart| easy line, column and pie charts

#6 Gruzin

Gruzin
  • Members
  • PipPipPip
  • Advanced Member
  • 448 posts
  • LocationGeorgia

Posted 13 August 2006 - 07:23 PM

$text = nl2br(stripslashes($_POST['The_Textarea'])); // text inputed in form



umm... nothing wrong with that script, I've got a problem with:
$userip = $_SERVER['REMOTE_ADDR']; // get user ip and store it in db

becouse of that I get this error...
I don't need your script, I'll try to write it myself

#7 Gruzin

Gruzin
  • Members
  • PipPipPip
  • Advanced Member
  • 448 posts
  • LocationGeorgia

Posted 13 August 2006 - 07:38 PM

$text = nl2br(stripslashes($_POST['The_Textarea'])); // text inputed in form



OK Barand you are right, thanks a lot:)
I don't need your script, I'll try to write it myself




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users