contra10 Posted July 30, 2011

hello, i keep getting a syntax error message when I try to display my data from my database, here's the code that i use for viewing the data

<?php
$alb = mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("programs") or die(mysql_error());
mysql_set_charset('utf8', $alb);

$query = "SELECT * FROM `canpro` WHERE `directory` = '$sub' ORDER BY area, school ASC";
$result = mysql_query($query) or die(mysql_error());

while ($postede = mysql_fetch_assoc($result)) {
    $area = "{$postede['area']}";
    $dn = "{$postede['dn']}";
    $dl = "{$postede['dl']}";

    echo "<font size='3'><b>$school</b></font><br>";
    echo "<font size='2'><b>$dn</b></font><br><font size='2' color = '#3B5998'><b>$dl</b></font><br>";

    mysql_select_db("schools") or die(mysql_error());
    $query2 = "SELECT * FROM `canschools` WHERE `name` = '$area'";
    $result2 = mysql_query($query2) or die(mysql_error());

    while ($postede2 = mysql_fetch_assoc($result2)) {
        $city = "{$postede2['city']}";
        $area2 = "{$postede2['area']}";
        echo "<font size='2'><b>$city, $area2</b></font><br><br>";
    }
}
?>

The display message i get is

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's Calender'' at line 1

it shows all my information except when the word contains an apostrophe then it doesn't shows the error and all the information afterwards won't get displayed

Pikachu2000 Posted July 30, 2011

The data needs to be escaped with mysql_real_escape_string prior to being used in a query string, as all string type data should be.

contra10 Posted July 30, 2011

i did that before the data gets placed in the database, the same has to work for when I'm displaying it?

Pikachu2000 Posted July 30, 2011

Yes, the single quote is still present in the string, and it will break the query, as you've seen. It's important to understand that the backslashes inserted when the data is escaped are not (and should not be) stored with the data. Therefore you need to escape the data again if you want to use it in another query string.
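
The point made in the last reply, as an added example that is not part of the thread or any poster's code: a value stored safely comes back with its apostrophe intact, breaks a second query when pasted into it, and works once it is escaped again or bound as a parameter. Assumptions: PDO with an in-memory SQLite database stands in for the thread's mysql_* calls and MySQL server (the mysql_* extension was removed in PHP 7), and the sample row values are constructed.

```php
<?php
// Added example. Assumption: in-memory SQLite via PDO replaces the MySQL
// server so the script runs offline; table names follow the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE canpro (directory TEXT, area TEXT, dn TEXT)");
$db->exec("CREATE TABLE canschools (name TEXT, city TEXT, area TEXT)");

// Constructed sample value containing an apostrophe.
$name = "Mary's Calender";

// Protecting the INSERT (bound parameters here) only protects the INSERT.
$db->prepare("INSERT INTO canpro VALUES ('arts', ?, 'Drama')")->execute([$name]);
$db->prepare("INSERT INTO canschools VALUES (?, 'Toronto', 'Ontario')")->execute([$name]);

// The stored value is the raw string: apostrophe present, no backslashes.
$area = $db->query("SELECT area FROM canpro")->fetchColumn();
var_dump($area === $name);

// 1) Pattern from the question: the fetched value is pasted into a new query.
try {
    $db->query("SELECT city FROM canschools WHERE name = '$area'");
    echo "interpolated query ran\n";
} catch (PDOException $e) {
    echo "interpolated query failed: ", $e->getMessage(), "\n";
}

// 2) The thread's advice: escape again at the point of use.
//    PDO::quote() is the PDO counterpart of mysql_real_escape_string plus quotes.
$sql = "SELECT city FROM canschools WHERE name = " . $db->quote($area);
echo "escaped lookup: ", $db->query($sql)->fetchColumn(), "\n";

// 3) Bound parameter: the value never becomes part of the SQL text at all.
$stmt = $db->prepare("SELECT city, area FROM canschools WHERE name = ?");
$stmt->execute([$area]);
foreach ($stmt as $row) {
    // HTML output needs its own escaping; SQL escaping does not cover it.
    echo htmlspecialchars("{$row['city']}, {$row['area']}", ENT_QUOTES, 'UTF-8'), "\n";
}
```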