asgsoft Posted March 26, 2006 Share Posted March 26, 2006 I am making a script that allows you to enter messages and store in a db.It works perfect on localhost but when I put it on a server I get this error:[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's OK', '', '')' at line 2[/quote]I gathered it was to do with the fact I have an [b]'[/b] in the message.Is there a way to get rid of it.This is my sql query:[code]mysql_query("INSERT INTO `sim` ( `id` , `name` , `artist` , `category` , `bpm` , `type` , `padkey` , `description` , `file` , `rating` )VALUES ('$id', '$name', '$artist', '$category', '$bpm', '$stype', '$padkey', '$description', '$file', '')") or die(mysql_error()); [/code]Thanks for your help in advance Quote Link to comment Share on other sites More sharing options...
khendar Posted March 26, 2006 Share Posted March 26, 2006 You'll need to escape the fields which may contain apostrophes using the [a href=\"http://au3.php.net/addslashes\" target=\"_blank\"]addslashes() function [/a] (or something similiar) Quote Link to comment Share on other sites More sharing options...
asgsoft Posted March 26, 2006 Author Share Posted March 26, 2006 But I need them. Quote Link to comment Share on other sites More sharing options...
khendar Posted March 26, 2006 Share Posted March 26, 2006 [!--quoteo(post=358505:date=Mar 26 2006, 10:18 PM:name=asgsoft)--][div class=\'quotetop\']QUOTE(asgsoft @ Mar 26 2006, 10:18 PM) [snapback]358505[/snapback][/div][div class=\'quotemain\'][!--quotec--]But I need them.[/quote]Addslashes puts backslashes before all of the apostrophes to prevent them breaking the query as you insert the data. They are still stored in the database - just in the form \'. When you need to print the data out you use stripslashes() to remove all of the backslashes and print the data in its original form. Quote Link to comment Share on other sites More sharing options...
mlin Posted March 26, 2006 Share Posted March 26, 2006 if your using mysql,escape using mysql_real_escape_string Quote Link to comment Share on other sites More sharing options...
asgsoft Posted March 26, 2006 Author Share Posted March 26, 2006 [!--quoteo(post=358508:date=Mar 26 2006, 08:09 AM:name=khendar)--][div class=\'quotetop\']QUOTE(khendar @ Mar 26 2006, 08:09 AM) [snapback]358508[/snapback][/div][div class=\'quotemain\'][!--quotec--]Addslashes puts backslashes before all of the apostrophes to prevent them breaking the query as you insert the data. They are still stored in the database - just in the form \'. When you need to print the data out you use stripslashes() to remove all of the backslashes and print the data in its original form.[/quote]i did it and i am getting this error now:[code]You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'n)', 'Keyboard', 'testing the it\'s ok', '', '')' at line 2[/code] Quote Link to comment Share on other sites More sharing options...
khendar Posted March 26, 2006 Share Posted March 26, 2006 Try echoing the query you are executing and see if you can spot whats wrong with it. Perhaps paste it here so we can see what its doing. Quote Link to comment Share on other sites More sharing options...
asgsoft Posted March 30, 2006 Author Share Posted March 30, 2006 I can't ech it Quote Link to comment Share on other sites More sharing options...
ober Posted March 30, 2006 Share Posted March 30, 2006 Why not?? Quote Link to comment Share on other sites More sharing options...
asgsoft Posted March 31, 2006 Author Share Posted March 31, 2006 i don't know. Quote Link to comment Share on other sites More sharing options...
asgsoft Posted April 2, 2006 Author Share Posted April 2, 2006 here is my php code. how do i echo the query?[code]<?php session_start(); $password = $_SESSION['password']; $username = $_SESSION['username']; include 'config.php';mysql_connect("$host", "$user", "$pass") or die(mysql_error()); mysql_select_db("$dbname") or die(mysql_error());$res = mysql_query("SELECT * FROM members WHERE username='$username' AND password='$password'") or die(mysql_error()); if(mysql_num_rows($res) == 1) { while($get=mysql_fetch_array($res)) { $name = $_POST['name'];$artist = $username;$category = $_POST['category'];$bpm = $_POST['bpm'];$stype = $_POST['type'];$padkey = $_POST['padkey'];$description = $_POST['description'];$file = $_FILES['file']['name'];if(!empty($file)){$type=$_FILES['file']['type'];move_uploaded_file($_FILES['file']['tmp_name'], "Upload/" . $_FILES['file']['name']);echo "<strong>Upload Complete! Please press next</strong><br>";}} mysql_query("INSERT INTO `sim` (`name` , `artist` , `category` , `bpm` , `type` , `padkey` , `description` , `file`)VALUES ('$name', '$artist', '$category', '$bpm', '$stype', '$padkey', '$description', ''$file)") or die(mysql_error()); mysql_query("UPDATE members SET `amount` =(amount + 1)WHERE username='$username' AND password='$password'");echo "Your File has been added Succefully";}else { echo("<center><font face=\"Verdana\">Sorry, your not logged in, proceed <a href=\"login.php\">here</a> to login."); } ?>[/code] Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.