Jump to content

Unknown Mysql Syntax Error Please Help

mysqlconfused

By mysqlconfused
in MySQL Help

Recommended Posts

mysqlconfused Newbie

mysqlconfused

Posted
Posted

Hello I have a form that goes to mysql db. The message portion of the form will not take characters like  "" ' and it gives me this error when it is inputted and then a blank insertion is then inputted into the db. Please help me as I do not know how to fix this issue and this is very time sensitive.

 

Here is the link www.pesttrackers.com/func.inc.php and then the link Report a pest issue. After the form is filled out I get this error: Insert Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's of Eggs all over. eww!! so i had to stay with my mom while it took Terminix 2w' at line 7

 

If I take out the characters it does not like it will go through.

 

Here is the php and mysql code I am using:

 

<?php
/* Change db and connect values if using online */
$name=$_POST['name'];
$address=$_POST['address'];
$lat=$_POST['lat'];
$lng=$_POST['lng'];
$email=$_POST['email'];
$message=$_POST['message'];
$postalcode=$_POST['postalcode'];

?>
<?php
require("mysql_connect.php");

$conn = mysql_connect($dbhost, $dbusername,$dbpass,$dbname);

mysql_select_db($dbname);
if (! $conn)
die(mysql_error());
mysql_select_db($dbname , $conn) or die("Select Error: ".mysql_error());



$query = sprintf("SELECT * FROM markers WHERE name='%s' AND message='%s'",
            mysql_real_escape_string($name),
            mysql_real_escape_string($message));

$result=mysql_query("INSERT INTO markers (name, address, lat, lng, email, message, postalcode) VALUES (
'$name',
'$address', 
'$lat',
'$lng',
'$email',
'$message',
'$postalcode')") or die("Insert Error: ".mysql_error());
mysql_close($conn);
?>

   <?php
require("mysql.php");

$conn = mysql_connect($dbhost, $dbusername,$dbpass,$dbname);

mysql_select_db($dbname);
if (! $conn)
die(mysql_error());
mysql_select_db($dbname , $conn) or die("Select Error: ".mysql_error());


$result = mysql_query("SELECT message, address, postalcode FROM markers ORDER BY ID DESC LIMIT 1");


while ($row = mysql_fetch_array($result, MYSQL_NUM)) {
    printf("<b>Message:</b><br/><br/>  %s <br/><br/><br/><b>Address:</b><br/> <br/>%s<br/><br/><b>Postal Code/Zip Code:</b><br/><b><br/>%s<br/>", $row[0], $row[1], $row[2],$row[3]);  
}

mysql_free_result($result);
mysql_close($conn);
?>

 

Can someone pretty please help me with this issue I would be forever grateful as I have looked at the mysql_real_escape_string() and I have tried many other code tutorials and cannot seem to get this to work.

Link to comment
https://forums.phpfreaks.com/topic/251569-unknown-mysql-syntax-error-please-help/
Share on other sites
mysqlconfused Newbie

mysqlconfused

Posted
  • Author
Posted

I recommend calling the mysql_real_escape_string when you create your variables from the $_POST array.

 

I am so sorry could you give me a code ex. I am so new and trying to learn and have looked up where this should go so many times

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.