Jump to content

Recommended Posts

Hello I have a form that goes to mysql db. The message portion of the form will not take characters like  "" ' and it gives me this error when it is inputted and then a blank insertion is then inputted into the db. Please help me as I do not know how to fix this issue and this is very time sensitive.

 

Here is the link www.pesttrackers.com/func.inc.php and then the link Report a pest issue. After the form is filled out I get this error: Insert Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's of Eggs all over. eww!! so i had to stay with my mom while it took Terminix 2w' at line 7

 

If I take out the characters it does not like it will go through.

 

Here is the php and mysql code I am using:

 

<?php
/* Change db and connect values if using online */
$name=$_POST['name'];
$address=$_POST['address'];
$lat=$_POST['lat'];
$lng=$_POST['lng'];
$email=$_POST['email'];
$message=$_POST['message'];
$postalcode=$_POST['postalcode'];

?>
<?php
require("mysql_connect.php");

$conn = mysql_connect($dbhost, $dbusername,$dbpass,$dbname);

mysql_select_db($dbname);
if (! $conn)
die(mysql_error());
mysql_select_db($dbname , $conn) or die("Select Error: ".mysql_error());



$query = sprintf("SELECT * FROM markers WHERE name='%s' AND message='%s'",
            mysql_real_escape_string($name),
            mysql_real_escape_string($message));

$result=mysql_query("INSERT INTO markers (name, address, lat, lng, email, message, postalcode) VALUES (
'$name',
'$address', 
'$lat',
'$lng',
'$email',
'$message',
'$postalcode')") or die("Insert Error: ".mysql_error());
mysql_close($conn);
?>

   <?php
require("mysql.php");

$conn = mysql_connect($dbhost, $dbusername,$dbpass,$dbname);

mysql_select_db($dbname);
if (! $conn)
die(mysql_error());
mysql_select_db($dbname , $conn) or die("Select Error: ".mysql_error());


$result = mysql_query("SELECT message, address, postalcode FROM markers ORDER BY ID DESC LIMIT 1");


while ($row = mysql_fetch_array($result, MYSQL_NUM)) {
    printf("<b>Message:</b><br/><br/>  %s <br/><br/><br/><b>Address:</b><br/> <br/>%s<br/><br/><b>Postal Code/Zip Code:</b><br/><b><br/>%s<br/>", $row[0], $row[1], $row[2],$row[3]);  
}

mysql_free_result($result);
mysql_close($conn);
?>

 

Can someone pretty please help me with this issue I would be forever grateful as I have looked at the mysql_real_escape_string() and I have tried many other code tutorials and cannot seem to get this to work.

Link to comment
https://forums.phpfreaks.com/topic/251569-unknown-mysql-syntax-error-please-help/
Share on other sites

I recommend calling the mysql_real_escape_string when you create your variables from the $_POST array.

 

I am so sorry could you give me a code ex. I am so new and trying to learn and have looked up where this should go so many times

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.