
Good morning to all:

I began using PHP, well, yesterday. I invested 8 hrs searching via Google and found many good samples to use as a test bed. I learned that one of the problems to exist with PHP is the apostrophe. I have set up a test form at www.datasafe.biz/WA for anyone who may wish to help me with this. The problem, as you may have guessed, is with the use of the " ' " in any field, period. For my test purposes, I entered a comment in the Notes field and input an apostrophe. I submitted my form to a PHP script which looks as follows:

<?php
// Insert cleaning code here
function cleanQuery($string)
{
  $newstring = mysql_real_escape_string($string);
  return $newstring;
}

$con = mysql_connect($host,$username,$password); //Using preset variables
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
// connect to database code
@mysql_select_db($database,$con) or die("Unable to select database");

//Check if field set and then clean it
if (isset($_POST['BuyerSeller'])) $BuyerSeller = cleanQuery($_POST['BuyerSeller']);
if (isset($_POST['Make'])) $Make = cleanQuery($_POST['Make']);
if (isset($_POST['Model'])) $Model = cleanQuery($_POST['Model']);
if (isset($_POST['Year'])) $Year = cleanQuery($_POST['Year']);
if (isset($_POST['MinPrice'])) $MinPrice = cleanQuery($_POST['MinPrice']);
if (isset($_POST['MaxPrice'])) $MaxPrice = cleanQuery($_POST['MaxPrice']);
if (isset($_POST['POC'])) $POC = cleanQuery($_POST['POC']);
if (isset($_POST['POCPhone'])) $POCPhone = cleanQuery($_POST['POCPhone']);
if (isset($_POST['POCEmail'])) $POCEmail = cleanQuery($_POST['POCEmail']);
if (isset($_POST['Notes'])) $Notes = cleanQuery($_POST['Notes']);
// End cleaning code here

//Get ready to query and insert into database table
// (note: the VALUES list below interpolates the raw $_POST fields, not the cleaned $Make, $Model, ... variables)
$sql="INSERT INTO Autos (DateCreated,Make,Model,Year,MinPrice,MaxPrice,POC,POCPhone,POCEmail,BuyerSeller,Notes) VALUES (curdate(),'$_POST[Make]','$_POST[Model]','$_POST[Year]','$_POST[MinPrice]','$_POST[MaxPrice]','$_POST[POC]','$_POST[POCPhone]','$_POST[POCEmail]','$_POST[buyerSeller]','$_POST[Notes]')";

if (!mysql_query($sql,$con))
  {
    die('Error: ' . mysql_error());
  }
echo "1 record added";

mysql_close($con);
?>

This code I found at various places on the net via Google. It works mostly, except for when the, you know, is used. I tried other suggestions posted by others who had a similar problem, all to no avail. This is what is returned as an error:

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 't it?')' at line 1

https://forums.phpfreaks.com/topic/237890-new-php-user-with-php-problems/

The variables you are assigning the form data to in your code ($BuyerSeller, $Make, ...) are not the variables you are putting into the query statement. You are putting the original $_POST variables into the query statement.
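The same INSERT written so that the data never touches the SQL text, as an added example that is not code from the thread: a mysqli prepared statement with placeholders takes the place of the escape-then-interpolate step, so an apostrophe in Notes (or any field) cannot terminate the string literal. It assumes the poster's preset $host, $username, $password and $database, the same form field names, and a hypothetical handle name $db.

```php
<?php
// Added example, not the poster's code. Same form fields and Autos table as
// the original script; $host, $username, $password and $database are assumed
// to be preset exactly as in the original.
$fields = ['Make', 'Model', 'Year', 'MinPrice', 'MaxPrice',
           'POC', 'POCPhone', 'POCEmail', 'BuyerSeller', 'Notes'];

// Collect the posted values in the order the INSERT expects them.
// A missing field becomes an empty string. No escaping is done here at all:
// the values are handed to the driver separately from the statement.
$values = [];
foreach ($fields as $f) {
    $values[] = isset($_POST[$f]) ? (string) $_POST[$f] : '';
}

// Turn mysqli errors into exceptions instead of silent failures / die().
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli($host, $username, $password, $database);
$db->set_charset('utf8mb4');

// The ? placeholders are bound to $values below; the SQL text is fixed and
// contains no user input, so "Isn't it?" in Notes is stored as-is.
$sql = "INSERT INTO Autos
          (DateCreated, Make, Model, Year, MinPrice, MaxPrice,
           POC, POCPhone, POCEmail, BuyerSeller, Notes)
        VALUES (CURDATE(), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
$stmt = $db->prepare($sql);

// One 's' (string) type per bound value; argument unpacking binds by reference.
$stmt->bind_param(str_repeat('s', count($values)), ...$values);
$stmt->execute();

echo $stmt->affected_rows . " record added";

$stmt->close();
$db->close();
```

If the legacy mysql_* script is kept as-is, the immediate fix the reply describes is to interpolate $Make, $Model, ... (the escaped copies) into the VALUES list instead of $_POST[...].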
