Imri-Persiado Posted October 30, 2013

That's the error I get:

Error3: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'sprint spikes'', ''Nike'', '' at line 2

For the following code:

```php
function post($type, $brand, $gender, $size, $hand, $isNew, $price, $desc, $imgname, $name, $userid, $phone)
{
    $con = connect();
    if (!$con) die('Could not connect: ' . mysql_error()); // Check connection

    // Escape every value before it goes into the query
    $type    = check_input($type);
    $brand   = check_input($brand);
    $gender  = check_input($gender);
    $size    = check_input($size);
    $hand    = check_input($hand);
    $price   = check_input($price);
    $desc    = check_input($desc);
    $imgname = check_input($imgname);
    $userid  = check_input($userid);
    $name    = check_input($name);
    $phone   = check_input($phone);
    $date    = date("Y/m/d");

    $sql = "INSERT INTO spikes (type, brand, gender, size, hand, new, price, description, imgname, date, name, userid, phone)
            VALUES('$type', '$brand', '$gender', '$size', '$hand', '$isNew', '$price', '$desc', '$imgname', '$date', '$name', '$userid', '$phone')";

    if (!mysql_query($sql, $con)) {
        die('Error3: ' . mysql_error($con));
    }
    mysql_close($con);
}

function check_input($value)
{
    // Stripslashes
    if (get_magic_quotes_gpc())
        $value = stripslashes($value);
    // Quote if not a number
    if (!is_numeric($value))
        $value = "'" . mysql_real_escape_string($value) . "'";
    return $value;
}
```

I really don't understand what I'm doing wrong..

Ch0cu3r Posted October 30, 2013 (Solution)

Your check_input() function is encapsulating values within single quotes and you are also encapsulating each value in the query with single quotes too. In effect your values in the query are wrapped in single quotes twice. This is what is causing the error.

To fix the error change

```php
$value = "'" . mysql_real_escape_string($value) . "'";
```

to just

```php
$value = mysql_real_escape_string($value);
```

objnoob Posted October 30, 2013

I would have taken a different approach! Instead of modifying

```php
if(!is_numeric($value)) $value = "'" . mysql_real_escape_string($value) . "'";
```

I'd modify

```php
$sql="INSERT INTO spikes (type, brand, gender, size, hand, new, price, description, imgname, date, name, userid, phone) VALUES($type, $brand, $gender, $size, $hand, $isNew, $price, $desc, $imgname, $date, $name, $userid, $phone)";
```

Imri-Persiado Posted October 30, 2013 (Author)

Thank you guys!
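
As an added example (not code from any poster in this thread): the same INSERT written as a PDO prepared statement, where placeholders are never quoted, so the doubled quotes seen in the error cannot occur and no value is escaped by hand. The in-memory SQLite database, the array-based `post()` signature and the sample ad values are assumptions made so the script runs offline.

```php
<?php
// Added example, not code from the thread. Assumption: in-memory SQLite stands in
// for the MySQL server so the script runs offline; for MySQL, only the DSN and
// credentials passed to new PDO() change.
function post(PDO $db, array $ad): void
{
    // Placeholders are written without quotes. PDO binds each value, so nothing
    // is escaped or quoted by hand and a quote in the data cannot end a string.
    $sql = 'INSERT INTO spikes
              (type, brand, gender, size, hand, new, price, description,
               imgname, date, name, userid, phone)
            VALUES
              (:type, :brand, :gender, :size, :hand, :new, :price, :description,
               :imgname, :date, :name, :userid, :phone)';
    $ad['date'] = date('Y/m/d');
    $db->prepare($sql)->execute($ad);
}

$db = new PDO('sqlite::memory:', null, null,
              [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE spikes (type TEXT, brand TEXT, gender TEXT, size TEXT,
           hand TEXT, new TEXT, price TEXT, description TEXT, imgname TEXT,
           date TEXT, name TEXT, userid TEXT, phone TEXT)');

// Constructed sample ad; two values contain single quotes on purpose.
post($db, [
    'type' => 'sprint spikes', 'brand' => 'Nike', 'gender' => 'male',
    'size' => '10', 'hand' => 'second', 'new' => '0', 'price' => '45',
    'description' => "Men's spikes, worn once at the club's track",
    'imgname' => 'spikes.jpg', 'name' => "O'Neil", 'userid' => '7',
    'phone' => '555-0100',
]);

// The stored row holds the values exactly as supplied, quotes included.
$row = $db->query('SELECT brand, description, name FROM spikes')
          ->fetch(PDO::FETCH_ASSOC);
print_r($row);
```

The `mysql_*` functions used in the thread were removed in PHP 7.0, and `get_magic_quotes_gpc()` was removed in PHP 8.0, so on current PHP the original `check_input()` no longer runs at all.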