prashanth.crs Posted September 22, 2006 Share Posted September 22, 2006 Hi I have a script which basically inserts into MySql database using PHP scirpt the valuess tored in textoxes. the problem comes when someone has entered an apostrohe -'- in the text box...then it always returns an error saying i cannot enter... heres the script error...WHEN I ENTER ' IN ANY OF THE FIELDS Error: Unable to perform update: UPDATE agencies SET date_last_updated = '2006-09-22 16:24:29',agency_name = 'testing99',program_name = 'testing99',address_one = 'testing99'',address_two = 'testing99',city = 'testing99',state = '',zip = '',phone = '',fax = '',web = 'testing99',email = 'testing99',hoursoperation = 'testing99' WHERE aid = '221'; :You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'testing99',city = 'testing99',state = '',zip = '',phone = '',fax Quote Link to comment Share on other sites More sharing options...
fenway Posted September 25, 2006 Share Posted September 25, 2006 Sounds like you need to escape your quotes. Quote Link to comment Share on other sites More sharing options...
nickholt1972 Posted September 25, 2006 Share Posted September 25, 2006 you've got a php script which may look like this $insertdata = mysql_query ("INSERT INTO database SET field1='field1'")where field1 is the text box entryif someone enters I AM PHP CRAZY, it will be return the code as$insertdata = mysql_query ("INSERT INTO database SET field1='I AM PHP CRAZY'")but if they entered I'M PHP CRAZY, it would return the code as$insertdata = mysql_query ("INSERT INTO database SET field1='I'M PHP CRAZY'")You've got an additional unwanted [b]'[/b] in there so the [b]I[/b] would be what PHP understood to be entered into the database and the [b]M PHP CRAZY'[/b] would cause an error.Have a look on the PHP help board for more details if this solution doesn't work..slap this bit of code into the top of your php file:if (!get_magic_quotes_gpc()) { $_GET = array_map('addslashes', $_GET); $_POST = array_map('addslashes', $_POST); $_COOKIE = array_map('addslashes', $_COOKIE); $_REQUEST = array_map('addslashes', $_REQUEST);}what PHP will do then is to put a [b]\[/b] in front of your [b]'[/b] as its stored in your database. This means that PHP will ignore whatever comes immediately after a [b]\[/b] so it should work then.I hope that works for you.Nick Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.