pixeltrace Posted March 9, 2007 Share Posted March 9, 2007 guys, i need help, i have a form wherein you can copy and paste your text resume inside everything is working fine in the form except for the page wherein, it updates the database i am getting an error message on the line where my email address falls: error:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near [email protected] how to fix this? i already tried using stripslashes but i wasnt able to fix the problem below is the code for my updateresume.php page <?php session_start(); if (session_is_registered("username")){ if($_SESSION['account_type'] == 'applicant'){ //if(($_SESSION['user_level'] == administrator) || ($_SESSION['user_level'] == staff)){ include '../admean/db_connect.php'; $username = $_POST['username']; $appid = $_POST['appid']; $resume = $_POST['resume']; $resume = stripslashes($resume); $sql="UPDATE applicant SET resume='$resume WHERE username='$username'"; mysql_query($sql) or die("error:".mysql_error()); echo '<script language=javascript> alert("Your resume has been updated!");top.location = "profile.php?id=1&appid='.$appid.'";</script>'; }else{ echo "<font face=\"Arial\">You are not authorized to access this page ... Please <a href='../index.php'>Login</a></font>"; } } ?> hope you could help me with this. thanks! Link to comment https://forums.phpfreaks.com/topic/41973-solved-how-to-allow-in-sql-query/ Share on other sites More sharing options...
papaface Posted March 9, 2007 Share Posted March 9, 2007 should be: $sql="UPDATE applicant SET resume='$resume' WHERE username='$username'"; Link to comment https://forums.phpfreaks.com/topic/41973-solved-how-to-allow-in-sql-query/#findComment-203507 Share on other sites More sharing options...
kenrbnsn Posted March 9, 2007 Share Posted March 9, 2007 You're missing an ending single quote in this line: <?php $sql="UPDATE applicant SET resume='$resume WHERE username='$username'"; ?> it should be <?php $sql="UPDATE applicant SET resume='$resume' WHERE username='$username'"; ?> In addition, you really should be passing all text through the mysql_real_escape_string() function before putting the strings into the query: <?php $username = mysql_real_escape_string(stripslashes($_POST['username'])); $appid = $_POST['appid']; $resume = mysql_real_escape_string(stripslashes($_POST['resume'])); $sql="UPDATE applicant SET resume='$resume' WHERE username='$username'"; $rs = mysql_query($sql) or die("Problem with the query<pre>$sql</pre><br>:".mysql_error()); ?> Ken Link to comment https://forums.phpfreaks.com/topic/41973-solved-how-to-allow-in-sql-query/#findComment-203510 Share on other sites More sharing options...
pixeltrace Posted March 9, 2007 Author Share Posted March 9, 2007 oh, i missed that one ' hehehe. thanks! Link to comment https://forums.phpfreaks.com/topic/41973-solved-how-to-allow-in-sql-query/#findComment-203512 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.