Jump to content

SQL syntax error!!!!

daxguy

By daxguy
in PHP Coding Help

Recommended Posts

daxguy Member

daxguy

Posted
Posted 

$query4 = 'UPDATE movies SET embed = \''.$updated_embed. ',\' where title =\''.$_POST['title'].'\' ';

 

i have written this query to update my movies table and as u see the query is written using ' ' quotes now wen i try inserting the values in the text box and if it encounters " quote it works fine but if it encounters ' quote anywer it causes error cuz it messes up with the query.. can anyone help??? sumhow i could igone ' quote in the sql query but want the complete text in the text box including ' quote to be inserted in the db.. if i use " quote with query then i have the same problem.. if i try adding a text and it encounter " then there is a problem with sql syntax and a problem is caused any one give a solution please.. i want these quotes used in the text box to be inserted in db.. dont want to remove them..

Link to comment
https://forums.phpfreaks.com/topic/210672-sql-syntax-error/
Share on other sites
daxguy Member

daxguy

Posted
  • Author
Posted 

$embed_text = mysql_real_escape_string($_POST['embed']);

	foreach($embed_text as $embed_value)
	{
		$query4_1 = "Select * from movies where title = '".$_POST['title']."';";
		$result2 = mysql_query($query4_1) or die(mysql_error());
		while ($row2 = mysql_fetch_assoc($result2))
		{
			$embed_update = $row2['embed'];
			$updated_embed = $embed_update.$embed_value;
			$query4 = 'UPDATE movies SET embed = \''.$updated_embed. ',\' where title =\''.$_POST['title'].'\' ';
			mysql_query($query4) or die(mysql_error());

		}


	}

 

$_POST['embed'] is an array and $_POST['embed'] creates a random no of fields soo an array is used here..

in the above code i have tried to update the existing db entries with new ones added to them.

 

but now am getting the error

Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in C:\xampp\htdocs\gl\movie_process.php on line 112

 

Warning: Invalid argument supplied for foreach() in C:\xampp\htdocs\gl\movie_process.php on line 114

Link to comment
https://forums.phpfreaks.com/topic/210672-sql-syntax-error/#findComment-1099040
Share on other sites
Alex Advanced Member

Alex

Posted
Posted

How is that not a solution?

 

$_POST['title'] = mysql_real_escape_string($_POST['title']); // Make sure you do this before the loop
...
$update_embed = mysql_real_escape_string($update_embed);
$query4 = 'UPDATE movies SET embed = \''.$updated_embed. ',\' where title =\''.$_POST['title'].'\' ';

Link to comment
https://forums.phpfreaks.com/topic/210672-sql-syntax-error/#findComment-1099048
Share on other sites
daxguy Member

daxguy

Posted
  • Author
Posted

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '600' height='480' frameborder='0' src='http://embed.videoweed.com/embed.php?v=cw' at line 1

 

this the error am getting again on the following code

 

foreach($_POST['embed'] as $embed_value)
	{
		$query4_1 = "Select * from movies where title = '".$_POST['title']."';";
		$result2 = mysql_query($query4_1) or die(mysql_error());
		while ($row2 = mysql_fetch_assoc($result2))
		{
			$embed_update = $row2['embed'];
			$updated_embed = $embed_update.$embed_value;
			$update_embed = mysql_real_escape_string($update_embed);
			$query4 = 'UPDATE movies SET embed = \''.$updated_embed. ',\' where title =\''.$_POST['title'].'\' ';
			mysql_query($query4) or die(mysql_error());

		}


	}

 

i did this

 $update_embed = mysql_real_escape_string($update_embed);

but its still interfearing with the code

Link to comment
https://forums.phpfreaks.com/topic/210672-sql-syntax-error/#findComment-1099052
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.