pixeltrace Posted March 9, 2007

Guys, I need help. I have a form wherein you can copy and paste your text resume. Everything is working fine in the form except for the page wherein it updates the database. I am getting an error message on the line where my email address falls:

error:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near pixeltrace@gmail.com

How to fix this? I already tried using stripslashes but I wasn't able to fix the problem.

Below is the code for my updateresume.php page:

```php
<?php
session_start();
if (session_is_registered("username")){
    if($_SESSION['account_type'] == 'applicant'){
        //if(($_SESSION['user_level'] == administrator) || ($_SESSION['user_level'] == staff)){
        include '../admean/db_connect.php';

        $username = $_POST['username'];
        $appid = $_POST['appid'];
        $resume = $_POST['resume'];
        $resume = stripslashes($resume);

        $sql="UPDATE applicant SET resume='$resume WHERE username='$username'";
        mysql_query($sql) or die("error:".mysql_error());
        echo '<script language=javascript> alert("Your resume has been updated!");top.location = "profile.php?id=1&appid='.$appid.'";</script>';
    }else{
        echo "<font face=\"Arial\">You are not authorized to access this page ... Please <a href='../index.php'>Login</a></font>";
    }
}
?>
```

Hope you could help me with this. Thanks!

papaface Posted March 9, 2007

should be:

```php
$sql="UPDATE applicant SET resume='$resume' WHERE username='$username'";
```

kenrbnsn Posted March 9, 2007

You're missing an ending single quote in this line:

```php
<?php
$sql="UPDATE applicant SET resume='$resume WHERE username='$username'";
?>
```

it should be

```php
<?php
$sql="UPDATE applicant SET resume='$resume' WHERE username='$username'";
?>
```

In addition, you really should be passing all text through the mysql_real_escape_string() function before putting the strings into the query:

```php
<?php
$username = mysql_real_escape_string(stripslashes($_POST['username']));
$appid = $_POST['appid'];
$resume = mysql_real_escape_string(stripslashes($_POST['resume']));

$sql="UPDATE applicant SET resume='$resume' WHERE username='$username'";
$rs = mysql_query($sql) or die("Problem with the query<pre>$sql</pre><br>:".mysql_error());
?>
```

Ken

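Added example, not part of the original thread or any poster's code: the same UPDATE written with PDO bound parameters, the approach that replaced mysql_real_escape_string() once the mysql_* extension was removed in PHP 7. It assumes an in-memory SQLite table standing in for the thread's MySQL `applicant` table, a hypothetical helper update_resume(), and constructed sample values; the username is taken from the session rather than from $_POST so a logged-in applicant can only update their own row.

```php
<?php
// Constructed stand-in for the thread's MySQL `applicant` table (runs offline).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE applicant (username TEXT PRIMARY KEY, resume TEXT)');
$pdo->exec("INSERT INTO applicant VALUES ('alice', ''), ('bob', 'bob resume')");

// Hypothetical helper: the SQL text is fixed and the values travel as bound
// parameters, so a quote inside them can never end the string literal.
function update_resume(PDO $pdo, string $username, string $resume): int
{
    $stmt = $pdo->prepare(
        'UPDATE applicant SET resume = :resume WHERE username = :username'
    );
    $stmt->execute([':resume' => $resume, ':username' => $username]);
    return $stmt->rowCount(); // number of rows changed
}

// Assumption: in the real page this value comes from $_SESSION['username'],
// not from $_POST, so the form cannot name another applicant's row.
$sessionUser = 'alice';

// Constructed resume text: an e-mail address plus apostrophes, which would
// break the interpolated query from the thread if left unescaped.
$resume = "applicant@example.com\nO'Brien & Sons, 'senior' developer";

$changed = update_resume($pdo, $sessionUser, $resume);
$rows = $pdo->query('SELECT username, resume FROM applicant')
            ->fetchAll(PDO::FETCH_KEY_PAIR);

var_dump($changed === 1);                 // check: one row was updated
var_dump($rows['alice'] === $resume);     // check: text stored unchanged
var_dump($rows['bob'] === 'bob resume');  // check: other rows untouched
```

With a MySQL DSN in place of `sqlite::memory:` the prepare() and execute() calls stay the same, and no stripslashes() or manual escaping is applied to the values.
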
pixeltrace Posted March 9, 2007 (Author)

Oh, I missed that one ' hehehe. Thanks!