ajicles Posted June 26, 2010 Share Posted June 26, 2010 I have fixed the error before when it gave me the error when someone enters a single quote into a field. And it is doing it again for some reason. Thanks AJ. Error: Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's voice is high listen to usher's.')' at line 3 <?php $con = mysql_connect("mysql4.freehostia.com","ajilmf_likebook","*********"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("ajilmf_likebook", $con); $result = mysql_query("SELECT * FROM facebook", $con); $num_rows = mysql_num_rows($result); $ID = $num_rows + 1; mysql_select_db("test"); $sql="INSERT INTO facebook(ID, post_content) VALUES ('$ID','$_POST[post_content]')"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo '<head><META HTTP-EQUIV="refresh" CONTENT="0;URL=http://likebook.cz.cc/like.php?id='.$ID.'"></head><br>'; echo '<center>If your browser does not support redirecting <a href="http://likebook.cz.cc/like.php?id='.$ID.'">click here</a>.</center>'; mysql_close($con) ?> Quote Link to comment Share on other sites More sharing options...
Mchl Posted June 26, 2010 Share Posted June 26, 2010 Use mysql_real_escape_string on your $_POST[] variables BEFORE you put them into your query. Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted June 26, 2010 Share Posted June 26, 2010 Always use the function mysql_real_escape_string when inserting/updating data in a MySQL database. <?php $sql="INSERT INTO facebook(ID, post_content) VALUES ('$ID','" . mysql_real_escape_string($_POST[post_content]) . "')"; ?> If you don't, you're opening your script up to hackers. Ken Quote Link to comment Share on other sites More sharing options...
Mchl Posted June 26, 2010 Share Posted June 26, 2010 Always use the function mysql_real_escape_string when inserting/updating data in a MySQL database. As well as SELECTing or DELETEing or anything. Quote Link to comment Share on other sites More sharing options...
ajicles Posted June 26, 2010 Author Share Posted June 26, 2010 Thank you very much. I just learned PHP and MYSQL lastweek lol. Learn by online internet videos from Lynda.com Quote Link to comment Share on other sites More sharing options...
ajicles Posted June 26, 2010 Author Share Posted June 26, 2010 It is still returning me an error when I enter single quotes into my form. Here is the website I am using it in that I made: http://likebook.cz.cc And where you enter a sentence with a single quote in it it returns an error. Thanks ~AJ ERROR: Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'd always be there... Where are you now? ')' at line 3 PHP: <?php $con = mysql_connect("mysql4.freehostia.com","ajilmf_likebook","*********"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("ajilmf_likebook", $con); $result = mysql_query("SELECT * FROM facebook", $con); $num_rows = mysql_num_rows($result); $ID = $num_rows + 1; mysql_select_db("ajilmf_likebook"); $sql="INSERT INTO facebook(ID, post_content) VALUES ('$ID','" . mysql_real_escape_string($_POST[post_content]) . "')"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo '<head><META HTTP-EQUIV="refresh" CONTENT="0;URL=http://likebook.cz.cc/like.php?id='.$ID.'"></head><br>'; echo '<center>If your browser does not support redirecting <a href="http://likebook.cz.cc/like.php?id='.$ID.'">click here</a>.</center>'; mysql_close($con) ?> Quote Link to comment Share on other sites More sharing options...
Mchl Posted June 26, 2010 Share Posted June 26, 2010 Thank you very much. I just learned started learning PHP and MYSQL lastweek lol. Are you sure you saved and uploaded your changes? People sometimes get confused about it Quote Link to comment Share on other sites More sharing options...
ajicles Posted June 26, 2010 Author Share Posted June 26, 2010 Thank you very much. I just learned started learning PHP and MYSQL lastweek lol. Are you sure you saved and uploaded your changes? People sometimes get confused about it I believe I did. I'll check the webserver for any changes. I forgot to upload to FTP it I was FTPING the wrong files. Thank you so much for your help. ~ AJ Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted June 26, 2010 Share Posted June 26, 2010 When you're just learning, it's much easier to use a webserver on your PC, such as xampp or wamp. I use xampp. Then you don't have to worry about uploading to another machine. Ken Quote Link to comment Share on other sites More sharing options...
ajicles Posted June 27, 2010 Author Share Posted June 27, 2010 When you're just learning, it's much easier to use a webserver on your PC, such as xampp or wamp. I use xampp. Then you don't have to worry about uploading to another machine. Ken I use WAMP at home and WAMPP at school. I had just finished my website and was uploading it with a few errors. Another error I came across was if entered a sentence like "Don't Eat Yellow Snow" It would work, but using Facebook's SDK if wouldn't make the page for it. It would only make a page that would be titled: "Don' Since the code for it was: <meta property="og:title" content=''<?php echo $row[1]; ?>''/> It would end the sentence at when the quotes were used. To fix that I use double single quotes ' ' not " or ' Problem fixed. Thank you for your help. ~ AJ Quote Link to comment Share on other sites More sharing options...
Mchl Posted June 27, 2010 Share Posted June 27, 2010 That is incorrect solution. You should use htmlentities function instead. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.