flemingmike Posted September 26, 2010 Share Posted September 26, 2010 hello, if i have an appostraphy in a text box while sumitting, it returns an error. any ideas? Quote Link to comment https://forums.phpfreaks.com/topic/214405-getting-error-when-inserting-field-with/ Share on other sites More sharing options...
kenrbnsn Posted September 26, 2010 Share Posted September 26, 2010 Submitting it how? More details. Code? Ken Quote Link to comment https://forums.phpfreaks.com/topic/214405-getting-error-when-inserting-field-with/#findComment-1115758 Share on other sites More sharing options...
jcbones Posted September 26, 2010 Share Posted September 26, 2010 To a database? mysql_real_escape_string() Quote Link to comment https://forums.phpfreaks.com/topic/214405-getting-error-when-inserting-field-with/#findComment-1115762 Share on other sites More sharing options...
flemingmike Posted September 26, 2010 Author Share Posted September 26, 2010 submitting to a mysql database Quote Link to comment https://forums.phpfreaks.com/topic/214405-getting-error-when-inserting-field-with/#findComment-1115771 Share on other sites More sharing options...
kenrbnsn Posted September 26, 2010 Share Posted September 26, 2010 Please post your code. Quote Link to comment https://forums.phpfreaks.com/topic/214405-getting-error-when-inserting-field-with/#findComment-1115782 Share on other sites More sharing options...
flemingmike Posted September 26, 2010 Author Share Posted September 26, 2010 <?php include 'config.php'; include 'javascript.php'; $randeid=rand(223, 971); if(isset($_POST['add'])) { if( empty($_POST['name']) ) { // validation fails, do something echo "<center>You need to enter a Name."; } else { $sql = "INSERT INTO staff VALUES ( NULL, '$randeid', '{$_POST['name']}', '{$_POST['phone1']}', '{$_POST['phone2']}', '{$_POST['address']}', '{$_POST['city']}', '{$_POST['province']}', '{$_POST['postal']}' )"; mysql_query($sql) or die('Error, adding new Employee. Check you fields and try again.'); echo "<center>You have successfully entered a Employee."; } } ?> <form method="POST"> <p align="center">Name: <input type="text" name="name" size="20"> Phone #: <input type="text" name="phone1" size="15" onkeydown="javascript:backspacerDOWN(this,event);" onkeyup="javascript:backspacerUP(this,event);"> Phone 2 #: <input type="text" name="phone2" size="15" onkeydown="javascript:backspacerDOWN(this,event);" onkeyup="javascript:backspacerUP(this,event);"> <br />Address: <input type="text" name="address" size="25"> City: <input type="text" name="city" size="15"> Postal Code: <input type="text" name="postal" size="10"> Province: <select size="1" name="province"> <option>AB</option> <option>BC</option> <option>MB</option> <option>NB</option> <option>NL</option> <option>NT</option> <option>NS</option> <option>NU</option> <option selected>ON</option> <option>PE</option> <option>QC</option> <option>SK</option> <option>YT</option> </select> <input type="submit" value="Add" name="add"></p> </form> <?php echo "<table border='1' style='border-collapse: collapse' bordercolorlight='#000000' bordercolordark='#000000' width='98%' align='center'>"; echo "<tr><td width='100%' colspan='7' align='center'><b>City Core Employee List</b></td></tr>"; echo "<tr> <th align='center'>Employee #</th> <th align='center'>Name</th> <th align='center'>Phone</th> <th align='center'>Phone 2</th> <th align='center'>Address</th> <th align='center'></th> </tr>"; $result = mysql_query("SELECT * FROM staff ORDER BY name"); while($row = mysql_fetch_array($result)) { $id=$row['id']; $eid=$row['eid']; $name=$row['name']; $phone1=$row['phone1']; $phone2=$row['phone2']; $address=$row['address']; $city=$row['city']; $postal=$row['postal']; $province=$row['province']; echo "<tr>"; echo "<td align='center'>" . $eid . "</td>"; echo "<td align='center'>" . $name . "</td>"; echo "<td align='center'>" . $phone1 . "</td>"; echo "<td align='center'>" . $phone2 . "</td>"; echo "<td align='center'>" . $address . " " . $city . ", " . $postal . " " . $province . "</td>"; echo "<td align='center'><a href='editstaff.php?eid=" . $eid . "'>Edit</a></td>"; echo "</tr>"; } echo "</table>"; include 'close.php'; ?> Quote Link to comment https://forums.phpfreaks.com/topic/214405-getting-error-when-inserting-field-with/#findComment-1115789 Share on other sites More sharing options...
kenrbnsn Posted September 26, 2010 Share Posted September 26, 2010 You should be using the function mysql_real_escape_string on all user inputs that are used in a MySQL query. <?php $sql = "INSERT INTO staff VALUES ( NULL, '$randeid', '" . mysql_real_escape_string($_POST['name']) ."', '" . mysql_real_escape_string($_POST['phone1']) ."', '" . mysql_real_escape_string($_POST['phone2']) ."', '" . mysql_real_escape_string($_POST['address']) ."', '" . mysql_real_escape_string($_POST['city']) ."', '" . mysql_real_escape_string($_POST['province']) ."', '" . mysql_real_escape_string($_POST['postal']) ."' )"; ?> Ken Quote Link to comment https://forums.phpfreaks.com/topic/214405-getting-error-when-inserting-field-with/#findComment-1115790 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.