ChrisOKC Posted February 21, 2011 Share Posted February 21, 2011 My hosting service has magic_quotes_gpc = On. I was working on my home test server and the following script worked perfectly. Turns out I had magic_quotes_gpc = Off .. I set magic_quotes_gpc = On and restarted. Now the script isn't working. See code and output below. I know something isn't being escaped properly, but I have no clue how/what. Even if I copy and paste the $insert output directly to phpmyadmin, it returns the same error. //HTML Vars $firstName = $_POST['firstName']; $lastName = $_POST['lastName']; $email = $_POST['email']; $desc = $_POST['desc']; //This is a textarea with long description. $year = $_POST['date']; //MySQL - no connection issues $link = mysql_connect('localhost', '__uesr__', '__passwd__*'); $db = mysql_select_db('__DB__', $link); $insert = "INSERT INTO images (firstName, lastName, email, descript, dateYear) VALUES ('$firstName' , '$lastName' , '$email' , '$desc' , '$year' "; $query = mysql_query($insert); if (!$query) { die ('Can\'t query ' . mysql_error()); } echo $insert; ::OUTPUTS:: Can't query You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 INSERT INTO images (firstName, lastName, email, descript, dateYear) VALUES ('this' , 'is' , 'the@email.com' , 'and. the. description won\'t work.' , '3456' Obviously I am a novice. I have tried using mysql_real_escape_string with and without stripslashes, but I'm not getting anywhere except more errors. Any help would be greatly appreciated. And I don't care about SQL injection AT ALL. I just want the thing to work with proper escaping for the description if a user inputs special chars. Quote Link to comment Share on other sites More sharing options...
cssfreakie Posted February 21, 2011 Share Posted February 21, 2011 could this thread be of help? http://www.webdeveloper.com/forum/showthread.php?t=90414 Quote Link to comment Share on other sites More sharing options...
ChrisOKC Posted February 21, 2011 Author Share Posted February 21, 2011 It still returns.... You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 If I copy and past the direct echo output of $insert into phpmysql, it returns the EXACT SAME ERROR. See attached screen shot. If I type that sql statement out, it works fine. If I paste it from my browser from the wcho $insert, I get the error. [attachment deleted by admin] Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted February 21, 2011 Share Posted February 21, 2011 That error doesn't look like it's related to an escaping problem. Can you post the table structure? Quote Link to comment Share on other sites More sharing options...
ChrisOKC Posted February 21, 2011 Author Share Posted February 21, 2011 `key` int(3) NOT NULL AUTO_INCREMENT, `firstName` text NOT NULL, `lastName` text NOT NULL, `email` text NOT NULL, `descript` text NOT NULL, `file` text NOT NULL, `date` int(4) NOT NULL, PRIMARY KEY (`key`) Quote Link to comment Share on other sites More sharing options...
cssfreakie Posted February 21, 2011 Share Posted February 21, 2011 the image you provided shows you are missing a closing ) in the values part. not sure if that is the thing but it is missing Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted February 21, 2011 Share Posted February 21, 2011 Yeah, that has to be it. Good catch. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.