zhshero Posted November 19, 2010 Share Posted November 19, 2010 i get this error when i send a message to a user when i use this ' in a message :S Could not send the message: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '','','http://zhshero.freehostingcloud.com/members/zhshero/1290146596.jpg')' at line 1 Link to comment https://forums.phpfreaks.com/topic/219163-i-get-this-error/ Share on other sites More sharing options...
seanlim Posted November 19, 2010 Share Posted November 19, 2010 Please post your MySQL query or your PHP code. Link to comment https://forums.phpfreaks.com/topic/219163-i-get-this-error/#findComment-1136487 Share on other sites More sharing options...
zhshero Posted November 19, 2010 Author Share Posted November 19, 2010 message_user.php <?php include "sessionStore.php"; ?> <? $Username = $_GET['msg']; $user = mysql_query("SELECT * FROM users WHERE Username = '$Username'"); $lvl = mysql_query("SELECT * FROM users WHERE Level_access = '$Level_access'"); $lvl=mysql_fetch_assoc($lvl); $user=mysql_fetch_assoc($user); ?> <head> <title>Zhshero Friends</title> <link href="themes/theme1/default.css" rel="stylesheet" type="text/css" /> </head> <body> <div id="header"> <h1>Zhshero Friends</h1> <h2>Menu</h2> <ul> <li class="first"><a href="home.php" accesskey="1" title="">Home</a></li> <li><a href="mymembers.php" accesskey="2" title="">members</a></li> <li><a href="#" accesskey="3" title="">Services</a></li> <li><a href="#" accesskey="4" title="">About</a></li> <li><a href="/inbox/" accesskey="5" title="">inbox</a></li> </ul> </div> <div id="content"> <div id="colOne"> <h3> sending msg to <? echo $user['Username']?> </h3> <ul class="list"> <img src="<? echo $user['main_P']?>" width="150" height="150"/><br> </ul> <p> </p> <h3>news box</h3> <p> <a href=view_photos.php?users_photo=<? echo $user['Username']?>>view my photos</a><br> <a href=message_user.php?msg=<? echo $user['Username']?>>send me a msg</a> </p> </div> <div id="colTwo"> <p> <?php echo "<center><table border='1' boredercolor='red'><tr><td><b><font color=blue>sending a msg to ".$user['Username']."</td></tr></table></center><br>"; $userfinal = get_username($_SESSION['user_id']); $userhehe=$userfinal; ?><font color=white><? echo $user1['Username']?><center> <form name="message" action="/inbox/messageck.php" method="post"> <input type="text" rows="8" name="message_title" value="no titled"> <br> <input type="hidden" name="message_to" value="<? echo $user['Username']?>"><br> Message: <br> <textarea rows="20" cols="50" name="message_content"> </textarea> <?php echo '<input type="hidden" name="message_from" value="'.$userhehe.'"><br>'; ?> <input type="submit" value="Submit"> </form> </p> </div> </div> <div id="footer"> <p>Copyright (c) 2006 Sitename.com. All rights reserved. Design by <a href="http://freecsstemplates.org/">Free CSS Templates</a>.</p> </div> <div style="font-size: 0.8em; text-align: center;"> <br /> Design downloaded from Zeroweb.org: <a href="http://www.zeroweb.org">Free website templates, layouts, and tools.</a><br /> <br /> </div> </body> </html> messageck.php <?php include "sessionStore.php"; ?> <head> <title>Zhshero Friends</title> <link href="../themes/theme1/default.css" rel="stylesheet" type="text/css" /> </head> <body> <div id="header"> <h1>Zhshero Friends</h1> <h2>Menu</h2> <ul> <li><a href="../home.php" accesskey="1" title="">Home</a></li> <li><a href="../mymembers.php" accesskey="2" title="">members</a></li> <li><a href="../update_profile.php" accesskey="3" title="">settings</a></li> <li class="first"><a href="/inbox/" accesskey="5" title="">inbox</a></li> <li><a href="../logout.php" accesskey="4" title="">logout</a></li> </ul> </div> <div id="colTwo"> <? $userfinal2 = get_main_P($_SESSION['user_id']); $title=$_POST['message_title']; $to=$_POST['message_to']; $content=$_POST['message_content']; $from=$_POST['message_from']; $time=$_POST['message_date']; $ck_reciever = "SELECT Username FROM users WHERE Username = '".$to."'"; if( mysql_num_rows( mysql_query( $ck_reciever ) ) == 0 ){ die("The user you are trying to contact don't excist. Please go back and try again.<br> <form name=\"back\" action=\"new_message.php\" method=\"post\"> <input type=\"submit\" value=\"Try Again\"> </form> "); } elseif(strlen($content) < 1){ die("Your can't send an empty message!<br> <form name=\"back\" action=\"new_message.php\" method=\"post\"> <input type=\"submit\" value=\"Try Again\"> </form> "); } elseif(strlen($title) < 1){ die("You must have a Title!<br> <form name=\"back\" action=\"new_message.php\" method=\"post\"> <input type=\"submit\" value=\"Try Again\"> </form> "); }else{ mysql_query("INSERT INTO messages (from_user, to_user, message_title, message_contents, message_date, user_photo) VALUES ('$from','$to','$title','$content','$time','$userfinal2')") OR die("Could not send the message: <br>".mysql_error()); echo "The Message Was Successfully Sent!"; ?> <form name="back" action="index.php" method="post"> <input type="submit" value="Back to The Inbox"> </form> <?php } ?> </div> <div id="footer"> <p>Copyright (c) 2006 Sitename.com. All rights reserved. Design by <a href="http://freecsstemplates.org/">Free CSS Templates</a>.</p> </div> <div style="font-size: 0.8em; text-align: center;"> <br /> Design downloaded from Zeroweb.org: <a href="http://www.zeroweb.org">Free website templates, layouts, and tools.</a><br /> <br /> </div> </body> </html> <center><a href="http://www.adleaf.com" style="font-size:12px;">Free Advertising</a><br/><script type="text/javascript"> riv_client = 318310; riv_backgroundColor = '000000'; riv_borderColor = '000066'; riv_headlineColor = '669900'; riv_textColor = 'FFFFFF'; riv_linkColor = 'CC3300'; riv_adWidth = 728; riv_adHeight = 90; riv_adType = 4; </script> <script type="text/javascript" src="http://ad1.adleaf.com/js/rivad.js"></script> Link to comment https://forums.phpfreaks.com/topic/219163-i-get-this-error/#findComment-1136492 Share on other sites More sharing options...
seanlim Posted November 19, 2010 Share Posted November 19, 2010 stripslashes() if magic_quotes_gpc is not turned off and then mysql_real_escape_string() all your variables used in the MySQL query. if there's still an error, output the query string $query = "INSERT INTO messages (from_user, to_user,..."; var_dump($query); mysql_query($query); Link to comment https://forums.phpfreaks.com/topic/219163-i-get-this-error/#findComment-1136500 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.