computel Posted July 16, 2010

Getting this error in my script:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's incredible attention to detail, which will now serve as the new benchmark for '

I'm entering text into a text box and when I use ' in the text I get this error. Example: it's will cause the error.

Here is the script:

    <?
    require_once("conn.php");
    require_once("includes.php");
    require_once("access.php");

    if(isset($_POST[s1]))
    {
        if($_POST[content_type] == "cheat")
        {
            $ItemID = $_POST[item_id_1];
            $ContentTitle = strip_trim($_POST[cheat_title]);
            $ContentText = strip_trim($_POST[cheat_text]);
        }
        else
        {
            $ItemID = $_POST[item_id_2];
            $ContentTitle = strip_trim($_POST[review_title]);
            $ContentText = strip_trim($_POST[review_text]);
            $rating = $_POST[rating];
        }

        $q1 = "insert into games_content set
                    ContentType = '$_POST[content_type]',
                    ItemID = '$ItemID',
                    ContentTitle = '$ContentTitle',
                    ContentText = '$ContentText',
                    rating = '$rating',
                    date_added = '$t',
                    user_id = '$_SESSION[MemberID]' ";

        mysql_query($q1) or die(mysql_error());

        $last = mysql_insert_id();

        header("location:view.php?cmd=$_POST[content_type]&id=$last&content_id=$ItemID");
        exit();
    }

    if($_POST[content_type] == "cheat" || empty($_POST[content_type]))
    {
        $checked1 = "checked";
    }
    elseif($_POST[content_type] == "review")
    {
        $checked2 = "checked";
    }

    require_once("templates/HeaderTemplate.php");
    require_once("templates/AddReviewTemplate.php");
    require_once("templates/FooterTemplate.php");
    ?>

thanks in advance

Pikachu2000 Posted July 16, 2010

Run any string type data coming from your form through mysql_real_escape_string() before using it in a database query. That should always be done to prevent SQL injection attacks anyhow.

computel (Author) Posted July 16, 2010

How do I do this? I have almost 0 experience in PHP & MySQL. I bought this script and it doesn't work. Any help would be great. Thanks

Zane Posted July 16, 2010

It's as easy as doing this:

    $variable = mysql_real_escape_string($_POST['variable']);

Just like any other function.
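
An added example, not part of the thread or of the purchased script: the same insert written with PDO bound parameters, which goes a step beyond the mysql_real_escape_string() advice above because the mysql_* functions were removed in PHP 7.0. The helper name add_content, the table layout, the in-memory SQLite stand-in for MySQL, trim() in place of the script's strip_trim(), and the sample input are all assumptions.

```php
<?php
// Added example. In-memory SQLite stands in for the MySQL connection so the
// file runs offline; for MySQL only the DSN passed to new PDO() changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE games_content (
    ContentID INTEGER PRIMARY KEY, ContentType TEXT, ItemID INTEGER,
    ContentTitle TEXT, ContentText TEXT, rating INTEGER,
    date_added INTEGER, user_id INTEGER)'); // assumed layout

// Hypothetical helper: inserts one row with bound parameters, so a quote in
// a value is sent as data and can never end the SQL string literal.
function add_content(PDO $pdo, array $post, int $memberId): int
{
    // content_type is reused in the redirect URL, so accept known values only.
    $type = $post['content_type'] ?? '';
    if (!in_array($type, ['cheat', 'review'], true)) {
        throw new InvalidArgumentException('unknown content_type');
    }
    $isCheat = ($type === 'cheat');
    $stmt = $pdo->prepare(
        'INSERT INTO games_content
            (ContentType, ItemID, ContentTitle, ContentText, rating, date_added, user_id)
         VALUES (:type, :item, :title, :text, :rating, :added, :uid)'
    );
    $stmt->execute([
        ':type'   => $type,
        ':item'   => (int) ($post[$isCheat ? 'item_id_1' : 'item_id_2'] ?? 0),
        ':title'  => trim($post[$isCheat ? 'cheat_title' : 'review_title'] ?? ''),
        ':text'   => trim($post[$isCheat ? 'cheat_text' : 'review_text'] ?? ''),
        ':rating' => $isCheat ? null : (int) ($post['rating'] ?? 0),
        ':added'  => time(),   // assumption: the script's $t is a timestamp
        ':uid'    => $memberId,
    ]);
    return (int) $pdo->lastInsertId();
}

// Constructed form input containing the apostrophe that broke the query.
$id = add_content($pdo, [
    'content_type' => 'review', 'item_id_2' => '7', 'rating' => '5',
    'review_title' => "It's great",
    'review_text'  => "The studio's incredible attention to detail",
], 42);

// Read the row back and compare it with what was submitted.
$check = $pdo->prepare('SELECT ContentTitle FROM games_content WHERE ContentID = ?');
$check->execute([$id]);
var_dump($check->fetchColumn() === "It's great");
```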

computel (Author) Posted July 16, 2010

OK, that seems to work. Thanks to everyone that replied. But the line return doesn't work. Example:

the dog ran fast
the boy ran faster.

Here is how it is stored in the database and shown on the script:

the dog ran fast the boy ran faster.

How do I make it so that it allows the line breaks when stored in the database and when shown?