xProteuSx Posted October 12, 2011 Share Posted October 12, 2011 Say I have the following ... $string = 'This is a silly problem!'; $insert = "INSERT INTO table (column1) VALUES ($string)"; $insertresult = mysql_query($insert) or die ('Error in Insert query: ' . mysql_error()); ... I get the following problem: Error in Insert query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'is a silly problem!' at line 1 It throws an error after the first space that it encounters. How do I get around this? Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted October 12, 2011 Share Posted October 12, 2011 String data must be enclosed by single-quotes so that it is not treated as a column name or a keyword - $insert = "INSERT INTO table (column1) VALUES ('$string')"; Quote Link to comment Share on other sites More sharing options...
xProteuSx Posted October 12, 2011 Author Share Posted October 12, 2011 Okay, that solves it. Thanks. However, I'm up against a new problem (to which the solution is probably just as simple as the original problem). I've got a paragraph stored in a session variable: $_SESSION['paragraph'] = "We are constantly trying to improve PHP Freaks and these forums, so feel free to go to the PHPFreaks Comments/Suggestions board and point out anything you'd like to see different!"; $string = mysql_real_escape_string($_SESSION['paragraph']); $insert = "INSERT INTO table (column1) VALUES ($string)"; $insertresult = mysql_query($insert) or die ('Error in Insert query: ' . mysql_error()); Now, the insert works. However, the 'column' value for this new row is: mysql_real_escape_string(We are constantly trying to improve PHP Freaks and these forums, so feel free to go to the PHPFreaks Comments/Suggestions board and point out anything you'd like to see different!) Whereas it should be: We are constantly trying to improve PHP Freaks and these forums, so feel free to go to the PHPFreaks Comments/Suggestions board and point out anything you\'d like to see different! What am I doing wrong now??? Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted October 12, 2011 Share Posted October 12, 2011 The escape characters - \ are NOT stored in the database table. They only exist in the query statement to indicate which special characters are part of the data instead of being part of the sql syntax. Quote Link to comment Share on other sites More sharing options...
xProteuSx Posted October 12, 2011 Author Share Posted October 12, 2011 That doesn't solve the problem of the following being stored in the table: mysql_real_escape_string(We are constantly trying to improve PHP Freaks and these forums, so feel free to go to the PHPFreaks Comments/Suggestions board and point out anything you'd like to see different!) What's going on here? How do I get around this? Thanks ... Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted October 12, 2011 Share Posted October 12, 2011 You would need to post your actual code. I can guarantee that the code you posted didn't produce that result. Quote Link to comment Share on other sites More sharing options...
xProteuSx Posted October 12, 2011 Author Share Posted October 12, 2011 You're right ... I found my error. I'd post the solution, but its applicable only to my crazy code. Thanks. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.