Jump to content

Characters like ' and "


rockstarrem

Recommended Posts

Hello,

 

I'm learning PHP/MySQL and I'm running into some trouble. When I post something from PHP to the database with something like ' in the post, I get the following error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'm here ')' at line 1

 

So I get it's saying that my MySQL syntax is wrong and it's passing the ' from the post like it's actual syntax... heres my code:

 

<?php
$mysqli = new mysqli();
$mysqli->connect("localhost", "root", "", "jesus");
$title = $_POST["title"];
$name = $_POST["name"];
$post = $_POST["new_post"];
$newquery = "INSERT INTO `jesus`.`posts` ( `title` , `name` , `post` ) VALUES ('$title', '$name', '$post');";
$mysqli->query($newquery, MYSQLI_STORE_RESULT);
if ($mysqli->errno) {
printf("Unable to connect to the database:<br /> %s",
$mysqli->error);
exit();
}
echo "Success!";
?>

Link to comment
https://forums.phpfreaks.com/topic/191139-characters-like-and/
Share on other sites

 

I get a few of these errors now:

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'SYSTEM'@'localhost' (using password: NO) in C:\wamp\www\do_blog.php on line 10

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\wamp\www\do_blog.php on line 10
Unable to connect to the database:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '', 'Domenic's', 'Testing's')' at line 1

 

My code is:

 

<?php
$mysqli = new mysqli();
$mysqli->connect("localhost", "root", "", "jesus");
$title = $_POST["title"];
$name = $_POST["name"];
$post = $_POST["new_post"];
$newquery = "INSERT INTO `jesus`.`posts` ( `title` , `name` , `post` ) VALUES ('$title', '$name', '$post');";
mysql_real_escape_string($title);
mysql_real_escape_string($name);
mysql_real_escape_string($post);
$mysqli->query($newquery, MYSQLI_STORE_RESULT);
if ($mysqli->errno) {
printf("Unable to connect to the database:<br /> %s",
$mysqli->error);
exit();
}
echo "Success!";
?>

Link to comment
https://forums.phpfreaks.com/topic/191139-characters-like-and/#findComment-1007857
Share on other sites

I fixed the above problem, but I'm still getting this:

 

Unable to connect to the database:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '', 'Domenic's', 'Testing's')' at line 1

 

My code is...

<?php
$mysqli = new mysqli();
$mysqli->connect("localhost", "root", "", "jesus");
$title = $_POST["title"];
$name = $_POST["name"];
$post = $_POST["new_post"];
$newquery = "INSERT INTO `jesus`.`posts` ( `title` , `name` , `post` ) VALUES ('$title', '$name', '$post');";
$link = mysql_connect("localhost", "root", "");
mysql_real_escape_string($title);
mysql_real_escape_string($name);
mysql_real_escape_string($post);
$mysqli->query($newquery, MYSQLI_STORE_RESULT);
if ($mysqli->errno) {
printf("Unable to connect to the database:<br /> %s",
$mysqli->error);
exit();
}
echo "Success!";
?>

Link to comment
https://forums.phpfreaks.com/topic/191139-characters-like-and/#findComment-1007858
Share on other sites

Hello,

 

It's still not working:

 

Unable to connect to the database:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Test'', 'Test'')' at line 1

 

My code is...

 

<?php
$mysqli = new mysqli();
$mysqli->connect("localhost", "root", "", "jesus");
$title = $_POST["title"];
$name = $_POST["name"];
$post = $_POST["new_post"];
$newquery = "INSERT INTO `jesus`.`posts` ( `title` , `name` , `post` ) VALUES ('$title', '$name', '$post');";

$title = $mysqli->real_escape_string($title);
$name = $mysqli->real_escape_string($name);
$post = $mysqli->real_escape_string($post);
$mysqli->query($newquery, MYSQLI_STORE_RESULT);
if ($mysqli->errno) {
printf("Unable to connect to the database:<br /> %s",
$mysqli->error);
exit();
}
echo "Success!";
?>

Link to comment
https://forums.phpfreaks.com/topic/191139-characters-like-and/#findComment-1007867
Share on other sites

<?php
$mysqli = new mysqli();
$mysqli->connect("localhost", "root", "", "jesus");
$title = $_POST["title"];
$name = $_POST["name"];
$post = $_POST["new_post"];
//Escape first
$title = $mysqli->real_escape_string($title);
$name = $mysqli->real_escape_string($name);
$post = $mysqli->real_escape_string($post);
//Put into query later
$newquery = "INSERT INTO `jesus`.`posts` ( `title` , `name` , `post` ) VALUES ('$title', '$name', '$post');";

$mysqli->query($newquery, MYSQLI_STORE_RESULT);
if ($mysqli->errno) {
printf("Unable to connect to the database:<br /> %s",
$mysqli->error);
exit();
}
echo "Success!";
?>

Link to comment
https://forums.phpfreaks.com/topic/191139-characters-like-and/#findComment-1007870
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.