flemingmike Posted September 26, 2010 Share Posted September 26, 2010 hello, if i have an appostraphy in a text box while sumitting, it returns an error. any ideas? Link to comment https://forums.phpfreaks.com/topic/214405-getting-error-when-inserting-field-with/ Share on other sites More sharing options...
kenrbnsn Posted September 26, 2010 Share Posted September 26, 2010 Submitting it how? More details. Code? Ken Link to comment https://forums.phpfreaks.com/topic/214405-getting-error-when-inserting-field-with/#findComment-1115758 Share on other sites More sharing options...
jcbones Posted September 26, 2010 Share Posted September 26, 2010 To a database? mysql_real_escape_string() Link to comment https://forums.phpfreaks.com/topic/214405-getting-error-when-inserting-field-with/#findComment-1115762 Share on other sites More sharing options...
flemingmike Posted September 26, 2010 Author Share Posted September 26, 2010 submitting to a mysql database Link to comment https://forums.phpfreaks.com/topic/214405-getting-error-when-inserting-field-with/#findComment-1115771 Share on other sites More sharing options...
kenrbnsn Posted September 26, 2010 Share Posted September 26, 2010 Please post your code. Link to comment https://forums.phpfreaks.com/topic/214405-getting-error-when-inserting-field-with/#findComment-1115782 Share on other sites More sharing options...
flemingmike Posted September 26, 2010 Author Share Posted September 26, 2010 <?php include 'config.php'; include 'javascript.php'; $randeid=rand(223, 971); if(isset($_POST['add'])) { if( empty($_POST['name']) ) { // validation fails, do something echo "<center>You need to enter a Name."; } else { $sql = "INSERT INTO staff VALUES ( NULL, '$randeid', '{$_POST['name']}', '{$_POST['phone1']}', '{$_POST['phone2']}', '{$_POST['address']}', '{$_POST['city']}', '{$_POST['province']}', '{$_POST['postal']}' )"; mysql_query($sql) or die('Error, adding new Employee. Check you fields and try again.'); echo "<center>You have successfully entered a Employee."; } } ?> <form method="POST"> <p align="center">Name: <input type="text" name="name" size="20"> Phone #: <input type="text" name="phone1" size="15" onkeydown="javascript:backspacerDOWN(this,event);" onkeyup="javascript:backspacerUP(this,event);"> Phone 2 #: <input type="text" name="phone2" size="15" onkeydown="javascript:backspacerDOWN(this,event);" onkeyup="javascript:backspacerUP(this,event);"> <br />Address: <input type="text" name="address" size="25"> City: <input type="text" name="city" size="15"> Postal Code: <input type="text" name="postal" size="10"> Province: <select size="1" name="province"> <option>AB</option> <option>BC</option> <option>MB</option> <option>NB</option> <option>NL</option> <option>NT</option> <option>NS</option> <option>NU</option> <option selected>ON</option> <option>PE</option> <option>QC</option> <option>SK</option> <option>YT</option> </select> <input type="submit" value="Add" name="add"></p> </form> <?php echo "<table border='1' style='border-collapse: collapse' bordercolorlight='#000000' bordercolordark='#000000' width='98%' align='center'>"; echo "<tr><td width='100%' colspan='7' align='center'><b>City Core Employee List</b></td></tr>"; echo "<tr> <th align='center'>Employee #</th> <th align='center'>Name</th> <th align='center'>Phone</th> <th align='center'>Phone 2</th> <th align='center'>Address</th> <th align='center'></th> </tr>"; $result = mysql_query("SELECT * FROM staff ORDER BY name"); while($row = mysql_fetch_array($result)) { $id=$row['id']; $eid=$row['eid']; $name=$row['name']; $phone1=$row['phone1']; $phone2=$row['phone2']; $address=$row['address']; $city=$row['city']; $postal=$row['postal']; $province=$row['province']; echo "<tr>"; echo "<td align='center'>" . $eid . "</td>"; echo "<td align='center'>" . $name . "</td>"; echo "<td align='center'>" . $phone1 . "</td>"; echo "<td align='center'>" . $phone2 . "</td>"; echo "<td align='center'>" . $address . " " . $city . ", " . $postal . " " . $province . "</td>"; echo "<td align='center'><a href='editstaff.php?eid=" . $eid . "'>Edit</a></td>"; echo "</tr>"; } echo "</table>"; include 'close.php'; ?> Link to comment https://forums.phpfreaks.com/topic/214405-getting-error-when-inserting-field-with/#findComment-1115789 Share on other sites More sharing options...
kenrbnsn Posted September 26, 2010 Share Posted September 26, 2010 You should be using the function mysql_real_escape_string on all user inputs that are used in a MySQL query. <?php $sql = "INSERT INTO staff VALUES ( NULL, '$randeid', '" . mysql_real_escape_string($_POST['name']) ."', '" . mysql_real_escape_string($_POST['phone1']) ."', '" . mysql_real_escape_string($_POST['phone2']) ."', '" . mysql_real_escape_string($_POST['address']) ."', '" . mysql_real_escape_string($_POST['city']) ."', '" . mysql_real_escape_string($_POST['province']) ."', '" . mysql_real_escape_string($_POST['postal']) ."' )"; ?> Ken Link to comment https://forums.phpfreaks.com/topic/214405-getting-error-when-inserting-field-with/#findComment-1115790 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.