dewey_witt Posted December 1, 2007 Share Posted December 1, 2007 Does anyone see whats wrong with this? <?php $rand = "SELECT * FROM `magic_cards` ORDER BY RAND() LIMIT 0,3;"; $card= mysql_query($rand, $connection) or die (mysql_error()); if (mysql_num_rows($card) > 0) { while ($row = mysql_fetch_array($card)) { $card_name = stripslashes($row['card_name']); $edition = $row['edition']; $Rarity = $row['Rarity']; $cond = $row['cond']; $image = stripslashes($row['image_name']); $ed .= mysql_query ("INSERT INTO `qm_cards` (`Fname`, `Lname`, `Username`, `card_name`, `Rarity`, `Condition`, `Edition`) VALUES ( '".$_POST['Fname']."','".$_POST['Lname']."', '".$_POST['Username']."', '$card_name', '$Rarity', '$cond', '$edition')", $connection) or die(mysql_error()); } } ?> The error Im getting is: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's Tome', 'Rare', 'Near Mint', 'Tempest')' at line 1 Any help greatly appriciated... Quote Link to comment https://forums.phpfreaks.com/topic/79728-solved-simple-querry-question/ Share on other sites More sharing options...
dewey_witt Posted December 1, 2007 Author Share Posted December 1, 2007 Am I asking an ignorant question? Quote Link to comment https://forums.phpfreaks.com/topic/79728-solved-simple-querry-question/#findComment-403738 Share on other sites More sharing options...
rab Posted December 1, 2007 Share Posted December 1, 2007 <?php $rand = "SELECT * FROM `magic_cards` ORDER BY RAND() LIMIT 0,3"; $card= mysql_query($rand, $connection) or die (mysql_error()); while($row = mysql_fetch_array($card)) { $card_name = mysql_real_escape_string(stripslashes($row['card_name'])); $edition = mysql_real_escape_string($row['edition']); $Rarity = mysql_real_escape_string($row['Rarity']); $cond = mysql_real_escape_string($row['cond']); $image = mysql_real_escape_string(stripslashes($row['image_name'])); $ed = mysql_query("INSERT INTO `qm_cards` (`Fname`, `Lname`, `Username`, `card_name`, `Rarity`, `Condition`, `Edition`) VALUES ( '".mysql_real_escape_string($_POST['Fname'])."','".mysql_real_escape_string($_POST['Lname'])."', '".mysql_real_escape_string($_POST['Username'])."', '$card_name', '$Rarity', '$cond', '$edition')", $connection) or die(mysql_error()); } ?> Just a quick cleanup, try it. Quote Link to comment https://forums.phpfreaks.com/topic/79728-solved-simple-querry-question/#findComment-403740 Share on other sites More sharing options...
toplay Posted December 1, 2007 Share Posted December 1, 2007 Please don't post twice right away. You could have updated your original post. Also, post MySQL related problems in the mysql area. I'm moving it there. Use http://us2.php.net/manual/en/function.mysql-real-escape-string.php on any input you receive from a form. Help yourself debug this by displaying the query and looking at it and trying it outside of PHP. Quote Link to comment https://forums.phpfreaks.com/topic/79728-solved-simple-querry-question/#findComment-403741 Share on other sites More sharing options...
dewey_witt Posted December 1, 2007 Author Share Posted December 1, 2007 TY rab your awsome! And yes I guess i was a lil hasty toplay next time I'll be much more patient.... And thanks again! Quote Link to comment https://forums.phpfreaks.com/topic/79728-solved-simple-querry-question/#findComment-403743 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.