mysqlconfused Posted November 21, 2011 Share Posted November 21, 2011 Hello I have a form that goes to mysql db. The message portion of the form will not take characters like "" ' and it gives me this error when it is inputted and then a blank insertion is then inputted into the db. Please help me as I do not know how to fix this issue and this is very time sensitive. Here is the link www.pesttrackers.com/func.inc.php and then the link Report a pest issue. After the form is filled out I get this error: Insert Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's of Eggs all over. eww!! so i had to stay with my mom while it took Terminix 2w' at line 7 If I take out the characters it does not like it will go through. Here is the php and mysql code I am using: <?php /* Change db and connect values if using online */ $name=$_POST['name']; $address=$_POST['address']; $lat=$_POST['lat']; $lng=$_POST['lng']; $email=$_POST['email']; $message=$_POST['message']; $postalcode=$_POST['postalcode']; ?> <?php require("mysql_connect.php"); $conn = mysql_connect($dbhost, $dbusername,$dbpass,$dbname); mysql_select_db($dbname); if (! $conn) die(mysql_error()); mysql_select_db($dbname , $conn) or die("Select Error: ".mysql_error()); $query = sprintf("SELECT * FROM markers WHERE name='%s' AND message='%s'", mysql_real_escape_string($name), mysql_real_escape_string($message)); $result=mysql_query("INSERT INTO markers (name, address, lat, lng, email, message, postalcode) VALUES ( '$name', '$address', '$lat', '$lng', '$email', '$message', '$postalcode')") or die("Insert Error: ".mysql_error()); mysql_close($conn); ?> <?php require("mysql.php"); $conn = mysql_connect($dbhost, $dbusername,$dbpass,$dbname); mysql_select_db($dbname); if (! $conn) die(mysql_error()); mysql_select_db($dbname , $conn) or die("Select Error: ".mysql_error()); $result = mysql_query("SELECT message, address, postalcode FROM markers ORDER BY ID DESC LIMIT 1"); while ($row = mysql_fetch_array($result, MYSQL_NUM)) { printf("<b>Message:</b><br/><br/> %s <br/><br/><br/><b>Address:</b><br/> <br/>%s<br/><br/><b>Postal Code/Zip Code:</b><br/><b><br/>%s<br/>", $row[0], $row[1], $row[2],$row[3]); } mysql_free_result($result); mysql_close($conn); ?> Can someone pretty please help me with this issue I would be forever grateful as I have looked at the mysql_real_escape_string() and I have tried many other code tutorials and cannot seem to get this to work. Quote Link to comment https://forums.phpfreaks.com/topic/251569-unknown-mysql-syntax-error-please-help/ Share on other sites More sharing options...
Maq Posted November 21, 2011 Share Posted November 21, 2011 In the future, please place OR tags around your code. Quote Link to comment https://forums.phpfreaks.com/topic/251569-unknown-mysql-syntax-error-please-help/#findComment-1290143 Share on other sites More sharing options...
Pikachu2000 Posted November 21, 2011 Share Posted November 21, 2011 You need this: mysql_real_escape_string for use with any string type data in the query. Quote Link to comment https://forums.phpfreaks.com/topic/251569-unknown-mysql-syntax-error-please-help/#findComment-1290146 Share on other sites More sharing options...
mysqlconfused Posted November 21, 2011 Author Share Posted November 21, 2011 You need this: mysql_real_escape_string for use with any string type data in the query. Where does this go in the code ? Please advise:) Quote Link to comment https://forums.phpfreaks.com/topic/251569-unknown-mysql-syntax-error-please-help/#findComment-1290147 Share on other sites More sharing options...
Maq Posted November 21, 2011 Share Posted November 21, 2011 I recommend calling the mysql_real_escape_string when you create your variables from the $_POST array. Quote Link to comment https://forums.phpfreaks.com/topic/251569-unknown-mysql-syntax-error-please-help/#findComment-1290148 Share on other sites More sharing options...
mysqlconfused Posted November 21, 2011 Author Share Posted November 21, 2011 I recommend calling the mysql_real_escape_string when you create your variables from the $_POST array. I am so sorry could you give me a code ex. I am so new and trying to learn and have looked up where this should go so many times Quote Link to comment https://forums.phpfreaks.com/topic/251569-unknown-mysql-syntax-error-please-help/#findComment-1290152 Share on other sites More sharing options...
Maq Posted November 21, 2011 Share Posted November 21, 2011 $message=mysql_real_escape_string($_POST['message']); Quote Link to comment https://forums.phpfreaks.com/topic/251569-unknown-mysql-syntax-error-please-help/#findComment-1290156 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.