Archived

This topic is now archived and is closed to further replies.

asgsoft

SQL php question

I am making a script that allows you to enter messages and store them in a db.

It works perfectly on localhost but when I put it on a server I get this error:

[quote]
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's OK', '', '')' at line 2
[/quote]

I gathered it was to do with the fact I have an [b]'[/b] in the message.

Is there a way to get rid of it?

This is my sql query:

[code]
mysql_query("INSERT INTO `sim` ( `id` , `name` , `artist` , `category` , `bpm` , `type` , `padkey` , `description` , `file` , `rating` )
VALUES ('$id', '$name', '$artist', '$category', '$bpm', '$stype', '$padkey', '$description', '$file', '')") or die(mysql_error());
[/code]

Thanks for your help in advance

You'll need to escape the fields which may contain apostrophes using the [a href="http://au3.php.net/addslashes" target="_blank"]addslashes() function[/a] (or something similar).

[quote name='asgsoft' date='Mar 26 2006, 10:18 PM' post='358505']
But I need them.
[/quote]

Addslashes puts backslashes before all of the apostrophes to prevent them breaking the query as you insert the data. They are still stored in the database - just in the form \'. When you need to print the data out you use stripslashes() to remove all of the backslashes and print the data in its original form.

If you're using MySQL, escape using mysql_real_escape_string.

[quote name='khendar' date='Mar 26 2006, 08:09 AM' post='358508']
Addslashes puts backslashes before all of the apostrophes to prevent them breaking the query as you insert the data. They are still stored in the database - just in the form \'. When you need to print the data out you use stripslashes() to remove all of the backslashes and print the data in its original form.
[/quote]

I did it and I am getting this error now:

[code]You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'n)', 'Keyboard', 'testing the it\'s ok', '', '')' at line 2[/code]

Try echoing the query you are executing and see if you can spot what's wrong with it. Perhaps paste it here so we can see what it's doing.

Here is my PHP code. How do I echo the query?

[code]
<?php
session_start();
$password = $_SESSION['password'];
$username = $_SESSION['username'];
include 'config.php';
mysql_connect("$host", "$user", "$pass") or die(mysql_error());
mysql_select_db("$dbname") or die(mysql_error());


$res = mysql_query("SELECT * FROM members WHERE username='$username' AND password='$password'") or die(mysql_error());
if(mysql_num_rows($res) == 1)
{
    while($get=mysql_fetch_array($res))
    {

        $name = $_POST['name'];
        $artist = $username;
        $category = $_POST['category'];
        $bpm = $_POST['bpm'];
        $stype = $_POST['type'];
        $padkey = $_POST['padkey'];
        $description = $_POST['description'];
        $file = $_FILES['file']['name'];

        if(!empty($file)){
            $type=$_FILES['file']['type'];
            move_uploaded_file($_FILES['file']['tmp_name'], "Upload/" . $_FILES['file']['name']);
            echo "<strong>Upload Complete! Please press next</strong><br>";
        }
    }
    mysql_query("INSERT INTO `sim` (`name` , `artist` , `category` , `bpm` , `type` , `padkey` , `description` , `file`)
VALUES ('$name', '$artist', '$category', '$bpm', '$stype', '$padkey', '$description', ''$file)") or die(mysql_error());

    mysql_query("UPDATE members SET `amount` =(amount + 1)WHERE username='$username' AND password='$password'");
    echo "Your File has been added Succefully";
}else
{
    echo("<center><font face=\"Verdana\">Sorry, your not logged in, proceed <a href=\"login.php\">here</a> to login.");
}

?>[/code]
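The apostrophe problem from this thread handled with a prepared statement instead of escaping, as an added example that is not code from any poster. It assumes PDO with an in-memory SQLite database standing in for MySQL, assumed column types, constructed input values, and a hypothetical helper named insert_sim().

```php
<?php
// Added example. SQLite in-memory stands in for the MySQL server so the script
// runs offline (needs pdo_sqlite); with MySQL only the PDO DSN/credentials change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Cut-down copy of the thread's `sim` table; column types are assumed.
$pdo->exec('CREATE TABLE sim (id INTEGER PRIMARY KEY, name TEXT, artist TEXT,
    category TEXT, bpm TEXT, type TEXT, padkey TEXT, description TEXT, file TEXT)');

// Hypothetical helper: the SQL text is fixed and the values travel separately.
function insert_sim(PDO $pdo, array $row): int
{
    $sql = 'INSERT INTO sim (name, artist, category, bpm, type, padkey, description, file)
            VALUES (:name, :artist, :category, :bpm, :type, :padkey, :description, :file)';
    echo $sql, "\n";               // "echoing the query": it never contains user data
    $stmt = $pdo->prepare($sql);
    $stmt->execute($row);          // each value is bound to its placeholder
    return (int) $pdo->lastInsertId();
}

// Constructed values standing in for $_POST, $_SESSION and $_FILES input.
$input = [
    'name'        => "Drum 'n' Bass (demo)",
    'artist'      => 'asgsoft',
    'category'    => 'Keyboard',
    'bpm'         => '120',
    'type'        => 'loop',
    'padkey'      => 'C',
    'description' => "testing the it's ok",
    'file'        => 'demo.wav',
];

$id = insert_sim($pdo, $input);

// Read the row back, again with a bound parameter.
$stmt = $pdo->prepare('SELECT name, description FROM sim WHERE id = ?');
$stmt->execute([$id]);
$stored = $stmt->fetch(PDO::FETCH_ASSOC);

// The apostrophes come back exactly as entered, with no stripslashes() step.
var_dump($stored['name'] === $input['name']);
var_dump($stored['description'] === $input['description']);
echo $stored['description'], "\n";
```

Because the values never become part of the SQL string, an apostrophe in any field cannot end a quoted literal, so the syntax error from the first post cannot occur.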
