SQL php question


10 replies to this topic

#1 asgsoft

asgsoft
  • Members
  • Advanced Member
  • 56 posts

Posted 26 March 2006 - 12:08 PM

I am making a script that allows you to enter messages and store in a db.

It works perfectly on localhost but when I put it on a server I get this error:

[quote]
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's OK', '', '')' at line 2
[/quote]

I gathered it was to do with the fact I have an ' in the message.

Is there a way to get rid of it?

This is my sql query:

mysql_query("INSERT INTO `sim` ( `id` , `name` , `artist` , `category` , `bpm` , `type` , `padkey` , `description` , `file` , `rating` )
VALUES ('$id', '$name', '$artist', '$category', '$bpm', '$stype', '$padkey', '$description', '$file', '')") or die(mysql_error()); 

Thanks for your help in advance

Free SEO and Domain tools |HTML ENT| Your Source to expired domains with PageRank & tips


#2 khendar

khendar
  • Members
  • Advanced Member
  • 78 posts

Posted 26 March 2006 - 12:42 PM

You'll need to escape the fields which may contain apostrophes using the addslashes() function (http://au3.php.net/addslashes) (or something similar)

#3 asgsoft

asgsoft
  • Members
  • Advanced Member
  • 56 posts

Posted 26 March 2006 - 12:48 PM

But I need them.



#4 khendar

khendar
  • Members
  • Advanced Member
  • 78 posts

Posted 26 March 2006 - 01:09 PM

[quote]
QUOTE(asgsoft @ Mar 26 2006, 10:18 PM)
But I need them.
[/quote]

Addslashes puts backslashes before all of the apostrophes to prevent them breaking the query as you insert the data. They are still stored in the database - just in the form \'. When you need to print the data out you use stripslashes() to remove all of the backslashes and print the data in its original form.

#5 mlin

mlin
  • Members
  • Advanced Member
  • 91 posts

Posted 26 March 2006 - 02:08 PM

If you're using MySQL,

escape using mysql_real_escape_string

#6 asgsoft

asgsoft
  • Members
  • Advanced Member
  • 56 posts

Posted 26 March 2006 - 03:32 PM

[quote]
QUOTE(khendar @ Mar 26 2006, 08:09 AM)
Addslashes puts backslashes before all of the apostrophes to prevent them breaking the query as you insert the data. They are still stored in the database - just in the form \'. When you need to print the data out you use stripslashes() to remove all of the backslashes and print the data in its original form.
[/quote]


I did it and I am getting this error now:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'n)', 'Keyboard', 'testing the it\'s ok', '', '')' at line 2



#7 khendar

khendar
  • Members
  • Advanced Member
  • 78 posts

Posted 26 March 2006 - 11:01 PM

Try echoing the query you are executing and see if you can spot what's wrong with it. Perhaps paste it here so we can see what it's doing.

#8 asgsoft

asgsoft
  • Members
  • Advanced Member
  • 56 posts

Posted 30 March 2006 - 03:57 PM

I can't echo it



#9 ober

ober
  • Staff Alumni
  • Advanced Member
  • 5,337 posts
  • Location: East Coast, USA

Posted 30 March 2006 - 04:40 PM

Why not??

Info: PHP Manual


#10 asgsoft

asgsoft
  • Members
  • Advanced Member
  • 56 posts

Posted 31 March 2006 - 11:11 AM

I don't know.



#11 asgsoft

asgsoft
  • Members
  • Advanced Member
  • 56 posts

Posted 02 April 2006 - 12:36 PM

Here is my PHP code. How do I echo the query?

<?php 
session_start(); 
$password = $_SESSION['password']; 
$username = $_SESSION['username']; 
include 'config.php';
mysql_connect("$host", "$user", "$pass") or die(mysql_error()); 
mysql_select_db("$dbname") or die(mysql_error());


$res = mysql_query("SELECT * FROM members WHERE username='$username' AND password='$password'") or die(mysql_error()); 
if(mysql_num_rows($res) == 1) 
{ 
while($get=mysql_fetch_array($res)) 
{ 
 
$name = $_POST['name'];
$artist = $username;
$category = $_POST['category'];
$bpm = $_POST['bpm'];
$stype = $_POST['type'];
$padkey = $_POST['padkey'];
$description = $_POST['description'];
$file = $_FILES['file']['name'];

if(!empty($file)){
$type=$_FILES['file']['type'];
move_uploaded_file($_FILES['file']['tmp_name'], "Upload/" . $_FILES['file']['name']);
echo "<strong>Upload Complete! Please press next</strong><br>";
}
} 
mysql_query("INSERT INTO `sim` (`name` , `artist` , `category` , `bpm` , `type` , `padkey` , `description` , `file`)
VALUES ('$name', '$artist', '$category', '$bpm', '$stype', '$padkey', '$description', ''$file)") or die(mysql_error()); 

mysql_query("UPDATE members SET `amount` =(amount + 1)WHERE username='$username' AND password='$password'");
echo "Your File has been added Succefully";
}else 
{ 
echo("<center><font face=\"Verdana\">Sorry, your not logged in, proceed <a href=\"login.php\">here</a> to login."); 
} 

?>

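An added example, not code from any poster in this thread: it puts the INSERT into a variable so it can be echoed before it is run (the step suggested in post #7), shows in the printed SQL why an apostrophe breaks the statement, and then stores the same message with a prepared statement. It assumes PHP with the PDO SQLite driver and a constructed in-memory table holding only two of the `sim` columns; the same prepare()/execute() calls work with the PDO MySQL driver.

```php
<?php
// Added example: constructed values, in-memory SQLite table standing in for `sim`.
$name        = "Keyboard";
$description = "testing the it's ok";   // constructed message containing an apostrophe

// 1. Build the SQL in a variable first; it can then be echoed before it is executed.
$sql = "INSERT INTO sim (name, description) VALUES ('$name', '$description')";
echo "Unescaped: $sql\n";
// The apostrophe in "it's" closes the string literal early, which is what a
// MySQL server reports as a syntax error near the leftover text.

// 2. Escaping each interpolated value keeps the literal intact.
//    Every value placed inside quotes needs it, not only the message field.
//    addslashes() is not character-set aware; the connection-aware escape
//    named in post #5, or step 3 below, is the safer choice.
$escaped = "INSERT INTO sim (name, description) VALUES ('"
         . addslashes($name) . "', '" . addslashes($description) . "')";
echo "Escaped:   $escaped\n";

// 3. Prepared statement: the values travel separately from the SQL text,
//    so no escaping on the way in and no stripslashes() on the way out.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE sim (id INTEGER PRIMARY KEY, name TEXT, description TEXT)");

$stmt = $db->prepare("INSERT INTO sim (name, description) VALUES (:name, :description)");
$stmt->execute([':name' => $name, ':description' => $description]);

$row = $db->query("SELECT name, description FROM sim")->fetch(PDO::FETCH_ASSOC);
echo "Stored:    {$row['description']}\n";
```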




