Jump to content

Recommended Posts

Getting this error in my script

 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's incredible attention to detail, which will now serve as the new benchmark for '

 

I'm entering text into a text box and when I use ' in the text I get this error. example it's will cause the error.

 

Here is the script

 

<?
require_once("conn.php");
require_once("includes.php");
require_once("access.php");

if(isset($_POST[s1]))
{
if($_POST[content_type] == "cheat")
{
	$ItemID = $_POST[item_id_1];
	$ContentTitle = strip_trim($_POST[cheat_title]);
	$ContentText = strip_trim($_POST[cheat_text]);
}
else
{
	$ItemID = $_POST[item_id_2];
	$ContentTitle = strip_trim($_POST[review_title]);
	$ContentText = strip_trim($_POST[review_text]);
	$rating = $_POST[rating];
}

$q1 = "insert into games_content set 
							ContentType = '$_POST[content_type]',
							ItemID = '$ItemID',
							ContentTitle = '$ContentTitle',
							ContentText = '$ContentText',
							rating = '$rating',
							date_added = '$t',
							user_id = '$_SESSION[MemberID]' ";
mysql_query($q1) or die(mysql_error());

$last = mysql_insert_id();

header("location:view.php?cmd=$_POST[content_type]&id=$last&content_id=$ItemID");
exit();
}


if($_POST[content_type] == "cheat" || empty($_POST[content_type]))
{
$checked1 = "checked";
}
elseif($_POST[content_type] == "review")
{
$checked2 = "checked";
}

require_once("templates/HeaderTemplate.php");
require_once("templates/AddReviewTemplate.php");
require_once("templates/FooterTemplate.php");

?>

 

thanks in advance

Link to comment
https://forums.phpfreaks.com/topic/207913-error-in-a-text-box-to-mysql-when-i-use/
Share on other sites

Run any string type data coming from your form through mysql_real_escape_string() before using it in a database query. That should always be done to prevent SQL injection attacks anyhow.

OK That seems to work. Thanks everyone that replied.

 

 

but the line return doesn't work.

 

example

 

the dog ran fast

 

the boy ran faster.

 

here is how it is stored in the database and show on the script

 

the dog ran fast

the boy ran faster.

 

how do I make it that is allows the line breaks when stored in the database and when shown

 

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.