computel Posted July 16, 2010 Share Posted July 16, 2010 Getting this error in my script You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's incredible attention to detail, which will now serve as the new benchmark for ' I'm entering text into a text box and when I use ' in the text I get this error. example it's will cause the error. Here is the script <? require_once("conn.php"); require_once("includes.php"); require_once("access.php"); if(isset($_POST[s1])) { if($_POST[content_type] == "cheat") { $ItemID = $_POST[item_id_1]; $ContentTitle = strip_trim($_POST[cheat_title]); $ContentText = strip_trim($_POST[cheat_text]); } else { $ItemID = $_POST[item_id_2]; $ContentTitle = strip_trim($_POST[review_title]); $ContentText = strip_trim($_POST[review_text]); $rating = $_POST[rating]; } $q1 = "insert into games_content set ContentType = '$_POST[content_type]', ItemID = '$ItemID', ContentTitle = '$ContentTitle', ContentText = '$ContentText', rating = '$rating', date_added = '$t', user_id = '$_SESSION[MemberID]' "; mysql_query($q1) or die(mysql_error()); $last = mysql_insert_id(); header("location:view.php?cmd=$_POST[content_type]&id=$last&content_id=$ItemID"); exit(); } if($_POST[content_type] == "cheat" || empty($_POST[content_type])) { $checked1 = "checked"; } elseif($_POST[content_type] == "review") { $checked2 = "checked"; } require_once("templates/HeaderTemplate.php"); require_once("templates/AddReviewTemplate.php"); require_once("templates/FooterTemplate.php"); ?> thanks in advance Link to comment https://forums.phpfreaks.com/topic/207913-error-in-a-text-box-to-mysql-when-i-use/ Share on other sites More sharing options...
Pikachu2000 Posted July 16, 2010 Share Posted July 16, 2010 Run any string type data coming from your form through mysql_real_escape_string() before using it in a database query. That should always be done to prevent SQL injection attacks anyhow. Link to comment https://forums.phpfreaks.com/topic/207913-error-in-a-text-box-to-mysql-when-i-use/#findComment-1086891 Share on other sites More sharing options...
computel Posted July 16, 2010 Author Share Posted July 16, 2010 how do I do this I have almost 0 experience in PHP & mysql. I bought this script and it doesn't work. Any help would be great. Thanks Link to comment https://forums.phpfreaks.com/topic/207913-error-in-a-text-box-to-mysql-when-i-use/#findComment-1086899 Share on other sites More sharing options...
Zane Posted July 16, 2010 Share Posted July 16, 2010 It's as easy as doing this $variable = mysql_real_escape_string($_POST['variable']); Just like any other function. Link to comment https://forums.phpfreaks.com/topic/207913-error-in-a-text-box-to-mysql-when-i-use/#findComment-1086914 Share on other sites More sharing options...
computel Posted July 16, 2010 Author Share Posted July 16, 2010 OK That seems to work. Thanks everyone that replied. but the line return doesn't work. example the dog ran fast the boy ran faster. here is how it is stored in the database and show on the script the dog ran fast the boy ran faster. how do I make it that is allows the line breaks when stored in the database and when shown Link to comment https://forums.phpfreaks.com/topic/207913-error-in-a-text-box-to-mysql-when-i-use/#findComment-1087087 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.