runeveryday Posted March 18, 2010 Share Posted March 18, 2010 $sql = 'INSERT INTO joke SET joketext="' . $joketext . '", jokedate="today's date"'; i don't understand the line joketext="' . $joketext . '", why it use the single quote and the concatenation . i feel those are a surplus, use this is joketext="$joketext ", ok, but when i test it ,it's show an error, anyone can tell me the reason.any tips would be appreciated. Link to comment https://forums.phpfreaks.com/topic/195633-oen-sql-command/ Share on other sites More sharing options...
trq Posted March 18, 2010 Share Posted March 18, 2010 Your getting an error because of the ' in today's Link to comment https://forums.phpfreaks.com/topic/195633-oen-sql-command/#findComment-1027918 Share on other sites More sharing options...
Kryptix Posted March 18, 2010 Share Posted March 18, 2010 Use this: $sql = "INSERT INTO `joke` SET `joketext` = '" . $joketext . "', `jokedate` = 'today\'s date';"; Link to comment https://forums.phpfreaks.com/topic/195633-oen-sql-command/#findComment-1027929 Share on other sites More sharing options...
fenway Posted March 22, 2010 Share Posted March 22, 2010 Or actually escape your input data properly. Link to comment https://forums.phpfreaks.com/topic/195633-oen-sql-command/#findComment-1030175 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.