dewey_witt Posted December 1, 2007 Share Posted December 1, 2007 Does anyone see whats wrong with this? <?php $rand = "SELECT * FROM `magic_cards` ORDER BY RAND() LIMIT 0,3;"; $card= mysql_query($rand, $connection) or die (mysql_error()); if (mysql_num_rows($card) > 0) { while ($row = mysql_fetch_array($card)) { $card_name = stripslashes($row['card_name']); $edition = $row['edition']; $Rarity = $row['Rarity']; $cond = $row['cond']; $image = stripslashes($row['image_name']); $ed .= mysql_query ("INSERT INTO `qm_cards` (`Fname`, `Lname`, `Username`, `card_name`, `Rarity`, `Condition`, `Edition`) VALUES ( '".$_POST['Fname']."','".$_POST['Lname']."', '".$_POST['Username']."', '$card_name', '$Rarity', '$cond', '$edition')", $connection) or die(mysql_error()); } } ?> The error Im getting is: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's Tome', 'Rare', 'Near Mint', 'Tempest')' at line 1 Any help greatly appriciated... Link to comment https://forums.phpfreaks.com/topic/79728-solved-simple-querry-question/ Share on other sites More sharing options...
dewey_witt Posted December 1, 2007 Author Share Posted December 1, 2007 Am I asking an ignorant question? Link to comment https://forums.phpfreaks.com/topic/79728-solved-simple-querry-question/#findComment-403738 Share on other sites More sharing options...
rab Posted December 1, 2007 Share Posted December 1, 2007 <?php $rand = "SELECT * FROM `magic_cards` ORDER BY RAND() LIMIT 0,3"; $card= mysql_query($rand, $connection) or die (mysql_error()); while($row = mysql_fetch_array($card)) { $card_name = mysql_real_escape_string(stripslashes($row['card_name'])); $edition = mysql_real_escape_string($row['edition']); $Rarity = mysql_real_escape_string($row['Rarity']); $cond = mysql_real_escape_string($row['cond']); $image = mysql_real_escape_string(stripslashes($row['image_name'])); $ed = mysql_query("INSERT INTO `qm_cards` (`Fname`, `Lname`, `Username`, `card_name`, `Rarity`, `Condition`, `Edition`) VALUES ( '".mysql_real_escape_string($_POST['Fname'])."','".mysql_real_escape_string($_POST['Lname'])."', '".mysql_real_escape_string($_POST['Username'])."', '$card_name', '$Rarity', '$cond', '$edition')", $connection) or die(mysql_error()); } ?> Just a quick cleanup, try it. Link to comment https://forums.phpfreaks.com/topic/79728-solved-simple-querry-question/#findComment-403740 Share on other sites More sharing options...
toplay Posted December 1, 2007 Share Posted December 1, 2007 Please don't post twice right away. You could have updated your original post. Also, post MySQL related problems in the mysql area. I'm moving it there. Use http://us2.php.net/manual/en/function.mysql-real-escape-string.php on any input you receive from a form. Help yourself debug this by displaying the query and looking at it and trying it outside of PHP. Link to comment https://forums.phpfreaks.com/topic/79728-solved-simple-querry-question/#findComment-403741 Share on other sites More sharing options...
dewey_witt Posted December 1, 2007 Author Share Posted December 1, 2007 TY rab your awsome! And yes I guess i was a lil hasty toplay next time I'll be much more patient.... And thanks again! Link to comment https://forums.phpfreaks.com/topic/79728-solved-simple-querry-question/#findComment-403743 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.