mayman212 Posted November 23, 2011

When I post something into my HTML form, for example in the first name field, I enter in: John', I am getting the following error:

Error in query: . You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Smith',Address_Line_1='rtuy657tr',Address_Line_2='',City='leicester',Postcode='L' at line 1

I know it has something to do with preparing the data before inserting it into the database. Anyone know what I have to do to fix it?

Adam Posted November 23, 2011

You're using single quotes around the column values in your SQL query, so when you have a single quote within a variable the resulting string contains two single quotes, breaking the syntax. You need to use mysql_real_escape_string to escape any quotes, but also to protect yourself against SQL injections. You should always escape any form of user input used in a query!
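
The failure described in the answer above, next to an escaped and a parameterised version, as an added example that is not part of the thread or the poster's code. It uses PDO with an in-memory SQLite database in place of MySQL (the mysql_* functions were removed in PHP 7); the table name `customers`, the columns First_Name and Last_Name, and all form values are assumptions constructed for the demonstration.

```php
<?php
// Added example. In-memory SQLite stands in for the MySQL server so it runs offline.
// Assumptions: table name `customers`, columns First_Name and Last_Name; the other
// column names are taken from the error message. All form values are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE customers (First_Name TEXT, Last_Name TEXT,
    Address_Line_1 TEXT, Address_Line_2 TEXT, City TEXT, Postcode TEXT)");

$form = ["John'", 'Smith', 'rtuy657tr', '', 'leicester', 'LE1 1AA'];

// 1. Broken: raw values pasted between single quotes. The quote in "John'"
//    ends the string literal early and the rest no longer parses.
$sql = "INSERT INTO customers VALUES ('" . implode("','", $form) . "')";
try {
    $pdo->exec($sql);
    echo "concatenated: inserted\n";
} catch (PDOException $e) {
    echo "concatenated: " . $e->getMessage() . "\n";
}

// 2. Escaped: PDO::quote() escapes the value for this driver and adds the
//    surrounding quotes, the role mysql_real_escape_string plays for ext/mysql.
$quoted = array_map([$pdo, 'quote'], $form);
$sql = "INSERT INTO customers VALUES (" . implode(',', $quoted) . ")";
echo "escaped SQL: $sql\n";
$pdo->exec($sql);

// 3. Bound parameters: values travel separately from the SQL text, so no
//    escaping step can be forgotten.
$stmt = $pdo->prepare("INSERT INTO customers VALUES (?, ?, ?, ?, ?, ?)");
$stmt->execute($form);

// Both safe inserts store the name with its quote intact.
foreach ($pdo->query("SELECT First_Name FROM customers") as $row) {
    echo "stored: " . $row['First_Name'] . "\n";
}
```

With a MySQL connection the same bound-parameter pattern is available through PDO's mysql driver or mysqli prepared statements.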