cholland Posted February 26, 2010 Share Posted February 26, 2010 Hi All, I have a page where people can enter their name. If they enter a name such as "O'Brien" i get a SQL error when the form is processed and the insert query to the mysql db is run. Does any body have any ideas what's wrong here? Any help would be fantastic! Here is some code from my form with the input boes: <TR><TD></td></tr> <tr> <td colspan="2"><h3>Enter Pupil Information (required)</h3></td> </tr> <td width=30%>First Name</td> <td> <input type="text" name="inputFirstName" maxlength="60" size="30" value="" /></td> </tr> <tr> <td>Surname</td> <td> <input type="text" name="inputSurName" maxlength="60" size="30" value = "" /></td> </tr> And here is the form processing when the user clicks save: include ("connect.php"); $theDate = isset($_REQUEST["date1"]) ? $_REQUEST["date1"] : ""; // create short variable names $FirstName=$_POST['inputFirstName']; $SurName=$_POST['inputSurName']; $AddressLine1=$_POST['inputAddressLine1']; $AddressLine2=$_POST['inputAddressLine2']; $Town=$_POST['inputTown/City']; $HomePhoneNumber=$_POST['inputHomePhoneNumber']; $Medical=$_POST['inputMedical']; $Interest=$_POST['inputInterest']; if (!$FirstName || !$SurName ) { echo "You have not entered all the required details.<br />" ."Please go back and try again."; exit; } else { mysql_query("INSERT INTO tblpupil (`TeacherID`,`FirstName`, `SurName`,`AddressLine1`,`AddressLine2`,`Town/City`, `HomePhoneNumber`,`DOB`,`Medical`,`Interest`) VALUES ('$Sid','$FirstName','$SurName','$AddressLine1','$AddressLine2','$Town','$HomePhoneNumber','$theDate','$Medical','$Interest')") or die(mysql_error()); echo "Pupil has been added!"; header('Location: myclass.php'); } Link to comment https://forums.phpfreaks.com/topic/193498-problems-when-is-entered-into-input-box/ Share on other sites More sharing options...
aebstract Posted February 26, 2010 Share Posted February 26, 2010 A copy of the actual error would help. Does commenting the ' out fix it? O\'Brien? Link to comment https://forums.phpfreaks.com/topic/193498-problems-when-is-entered-into-input-box/#findComment-1018664 Share on other sites More sharing options...
Alex Posted February 26, 2010 Share Posted February 26, 2010 You should be escaping all user input that will be used in a MySQL query with mysql_real_escape_string. Link to comment https://forums.phpfreaks.com/topic/193498-problems-when-is-entered-into-input-box/#findComment-1018666 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.