kumarrana Posted January 4, 2008 Share Posted January 4, 2008 I am writing a blog, but I have been getting same error on my mysql. My MySQL field types are postid/(int(6)), title/(varchar(200)), category/(varchar(200)), post/(longtext), identification/(int(11)), date_crated/(timestamp). What I noticed is when I have really long post (100 words), I get error like " You have an error in your SQL syntax". Plus my timestamps is giving all zero values. Anybody has any idea what is wrong with my table? Link to comment https://forums.phpfreaks.com/topic/84421-mysql-error/ Share on other sites More sharing options...
awpti Posted January 4, 2008 Share Posted January 4, 2008 You're probably not escaping single or doublequotes and are inadvertently causing a little SQL Injection mischief. make sure to escape all content being inserted ( mysql_real_escape_string() ) Link to comment https://forums.phpfreaks.com/topic/84421-mysql-error/#findComment-430033 Share on other sites More sharing options...
kumarrana Posted January 4, 2008 Author Share Posted January 4, 2008 I am using stripslashes(). Like $title = stripslashes($_POST['title']). Doesn't it do like mysql_real_escape_string()? Can you give a analogous example? That would be grea. Link to comment https://forums.phpfreaks.com/topic/84421-mysql-error/#findComment-430035 Share on other sites More sharing options...
redarrow Posted January 4, 2008 Share Posted January 4, 2008 can we see the code that why we help? Link to comment https://forums.phpfreaks.com/topic/84421-mysql-error/#findComment-430037 Share on other sites More sharing options...
kumarrana Posted January 4, 2008 Author Share Posted January 4, 2008 function dump_in_mysql_post() { $title = stripslashes($_POST['title']); $category = stripslashes($_POST['category']); $body = stripslashes($_POST['body']); echo $title . "<br>". $category . "<br>" . $body . "<br>"; $dump_in_mysql_post = "INSERT INTO `post` VALUES('$postid', '$title', '$category', '$body', '$identification', '$date_created')"; $dump_in_mysql_post = mysql_query($dump_in_mysql_post); if(!$dump_in_mysql_post) { echo "Error on querying post ". "<b> ". mysql_error() . "</b>"; } else { echo "Title : " . $title . " <br> " ; echo "Category: " . $category . " <br> "; echo "Body: " . $body . " <br> "; echo "Identification : " . $identification; echo "Blog entry has been submitted"; } } Link to comment https://forums.phpfreaks.com/topic/84421-mysql-error/#findComment-430041 Share on other sites More sharing options...
awpti Posted January 4, 2008 Share Posted January 4, 2008 You don't want to stripslashes, you want to use mysql_real_escape_string - this escapes content to make it "query-safe". Link to comment https://forums.phpfreaks.com/topic/84421-mysql-error/#findComment-430042 Share on other sites More sharing options...
Northern Flame Posted January 4, 2008 Share Posted January 4, 2008 stripslashes() and mysql_real_escape_string() are nothing alike! use mysql_real_escape_string() Link to comment https://forums.phpfreaks.com/topic/84421-mysql-error/#findComment-430043 Share on other sites More sharing options...
redarrow Posted January 4, 2008 Share Posted January 4, 2008 change timestamp table to int(35) change timestamp to now() in the insert use the mysql_real_escape_string() function Link to comment https://forums.phpfreaks.com/topic/84421-mysql-error/#findComment-430046 Share on other sites More sharing options...
kumarrana Posted January 4, 2008 Author Share Posted January 4, 2008 Great! Seem to be working. . Thanks a lot. Link to comment https://forums.phpfreaks.com/topic/84421-mysql-error/#findComment-430053 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.