SQL syntax error


bassy

Hey,

I'm getting the error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's','Test Name,'123456679','Test Restaurant Description' at line 1

 

I can't figure out what the problem is! Please help...

Here is my PHP code. Thanks in advance.

 

<?php

$email = strtolower(strip_tags($_POST['email']));
$restname = strip_tags($_POST['restname']);
$cname = strip_tags($_POST['cname']);
$phoneNum = strip_tags($_POST['phoneNum']);
$descrip = strip_tags($_POST['descrip']);
$password = md5(strip_tags($_POST['password']));
$specials = strip_tags($_POST['specials']);
$price = strip_tags($_POST['price']);
$foodtype = strip_tags($_POST['foodtype']);
$reppassword = md5(strip_tags($_POST['reppassword']));
$submit = strip_tags($_POST['submit']);

if ($submit)
{
    // check for existence
    if ($email && $password && $reppassword && $restname && $cname && $phoneNum && $descrip && $foodtype && $specials && $price)
    {
        if ($password == $reppassword)
        {
            // check character length of cname
            if (strlen($cname) > 50)
            {
                echo "Contact Name is too long. 25 character maximum.";
            }
            else
            {
                // check password length
                if (strlen($password) < 6)
                {
                    echo "Password must be at least 6 characters in length";
                }
                else
                {
                    // register the user

                    // encrypt password
                    $password = md5($password);
                    $reppassword = md5($reppassword);

                    // open database
                    $connect = mysql_connect("mysql2.mylogin.ie", "username", "password") or die ('Error:' . mysql_error());
                    mysql_select_db("database");

                    $query = "INSERT INTO table1 (id, email, restname, cname, phoneNum, descrip, password, specials, price, foodtype) VALUES ('','$email','$restname','$cname','$phoneNum','$descrip','$password','$specials','$price','$foodtype')";
                    mysql_query($query) or die ('Error updating database. Please try again later.' . mysql_error());

                    echo ("Thank you. You have been registered! <a href ='index.php'> Click here</a> to return to the home page and log in using your email and password.");
                }
            }
        }
        else
            echo "Passwords to not match. Please enter two identical passwords.";
    }
    else
        echo "Please fill in <strong>ALL</strong> required fields.";
}

?>


It seems that if I put something like an apostrophe ' in the field it causes the problem.

If I avoid apostrophes the problem doesn't happen and it inputs the data to the database just fine.

 

This should be solved. You haven't taken any notice of thorpe's suggestion.


It seems that if I put something like an apostrophe ' in the field it causes the problem.

If I avoid apostrophes the problem doesn't happen and it inputs the data to the database just fine.

You need to escape data going into your database. See mysql_real_escape_string.

As mentioned before, read thorpe's reply.  There is even a link to the manual that explains exactly what this function does and how it solves your SQL issue.  "mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a. "

 


It seems that if I put something like an apostrophe ' in the field it causes the problem.

If I avoid apostrophes the problem doesn't happen and it inputs the data to the database just fine.

You need to escape data going into your database. See mysql_real_escape_string.

As mentioned before, read thorpe's reply.  There is even a link to the manual that explains exactly what this function does and how it solves your SQL issue.  "mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a. "

Not to be confused with the addslashes function, which many people use instead of mysql_real_escape_string when inserting data into a DB... mysql_real_escape_string is much smarter and escapes more characters as well.

 

From php.net:

"This function must always (with few exceptions) be used to make data safe before sending a query to MySQL. "
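
The failure and the fixes raised in this thread, as an added example that is not part of any post above: the concatenated INSERT breaking on an apostrophe, the same values escaped with PDO::quote (PDO's counterpart to mysql_real_escape_string), and a prepared statement. It uses PDO because the mysql_* functions were removed in PHP 7.0. The in-memory SQLite database standing in for the MySQL server, the trimmed column list and the sample values are assumptions made so it runs offline.

```php
<?php
// Added example. Assumption: in-memory SQLite stands in for the MySQL server so
// this runs offline; with MySQL only the DSN passed to new PDO() changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE table1 (id INTEGER PRIMARY KEY, email TEXT,
    restname TEXT, cname TEXT, descrip TEXT)');

// Constructed sample input; restname carries an apostrophe like the one in the thread.
$in = [
    'email'    => 'owner@example.com',
    'restname' => "Joe's Diner",
    'cname'    => 'Test Name',
    'descrip'  => 'Test Restaurant Description',
];
$cols = 'email, restname, cname, descrip';

// 1) Concatenation, as in the original post: the apostrophe closes the string
//    literal early and the rest of the value is parsed as SQL.
$sql = "INSERT INTO table1 ($cols) VALUES ('" . implode("','", $in) . "')";
try {
    $pdo->exec($sql);
    echo "concatenated: inserted\n";
} catch (PDOException $e) {
    echo "concatenated: ", $e->getMessage(), "\n";
}

// 2) Escaping every value before it is placed in the SQL text.
//    quote() adds the surrounding quotes and escapes for the connected driver.
$quoted = array_map([$pdo, 'quote'], $in);
echo "quoted restname: ", $quoted['restname'], "\n";
$pdo->exec("INSERT INTO table1 ($cols) VALUES (" . implode(',', $quoted) . ")");

// 3) Prepared statement: the SQL text is fixed and the values are bound
//    separately, so no value is ever parsed as part of the statement.
$stmt = $pdo->prepare("INSERT INTO table1 ($cols) VALUES (?, ?, ?, ?)");
$stmt->execute(array_values($in));

// Rows from (2) and (3) hold the value exactly as submitted.
foreach ($pdo->query('SELECT id, restname FROM table1') as $row) {
    echo "row ", $row['id'], ": ", $row['restname'], "\n";
}
```

Against MySQL, PDO::quote escapes the apostrophe with a backslash rather than SQLite's doubled apostrophe; the prepared statement is written the same way for both.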
