Strange Syntax Error

forumnz · January 27, 2008

My code is meant to email someone and insert the data into db. It just gives the error:

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '

You have been emailed because submitted your email address through th' at line 3

Here is my code - please help:

<?php

$name = $_POST['name'];
$business_name = $_POST['business_name'];
$emailm = $_POST['email'];
$contact = $_POST['contact'];
$id = $_POST['id'];

include('connectdb.php');

$sql ="SELECT * FROM `fflists` WHERE `id`='$id'";
$result = mysql_query($sql) or die(mysql_error());
while($row = mysql_fetch_array($result))
  {
  $email = $row['email'];
  $uname = $row['name'];
  }
  
  # Below is for business
$message = "Hi " . $uname . ", <br /><br />" . $name . " has seen your " . $business_name . " listing on FoodFinder. They have written a message for you. Please note, this message has not been screened by FoodFinder staff and is not responsible for it's content.<br /><br />Regards,<br />FoodFinder Staff<br /><br />Submitted Content:<br /><br />Name: " . $name . "<br />Contact: " . $contact . "<br />Message: " . $emailm . "";
$subject = "FoodFinder Contact";
  
mail($cemail,$subject,$message,$headers);

include('connectdb.php');

$sql = ("INSERT INTO submitted_emails (buzzid, name, contact, message, email)
VALUES
('$id','$name','$contact','$emailm',$message)");

  if (!mysql_query($sql))
  {
  die('Error: ' . mysql_error());
  }

?>

Thanks!

papaface · January 27, 2008

should be:

<?php

$name = $_POST['name'];
$business_name = $_POST['business_name'];
$emailm = $_POST['email'];
$contact = $_POST['contact'];
$id = $_POST['id'];

include('connectdb.php');

$sql ="SELECT * FROM `fflists` WHERE `id`='$id'";
$result = mysql_query($sql) or die(mysql_error());
while($row = mysql_fetch_array($result))
  {
  $email = $row['email'];
  $uname = $row['name'];
  }
  
  # Below is for business
$message = "Hi " . $uname . ", <br /><br />" . $name . " has seen your " . $business_name . " listing on FoodFinder. They have written a message for you. Please note, this message has not been screened by FoodFinder staff and is not responsible for it's content.<br /><br />Regards,<br />FoodFinder Staff<br /><br />Submitted Content:<br /><br />Name: " . $name . "<br />Contact: " . $contact . "<br />Message: " . $emailm . "";
$subject = "FoodFinder Contact";
  
mail($cemail,$subject,$message,$headers);

include('connectdb.php');

$sql = ("INSERT INTO submitted_emails (buzzid, name, contact, message, email)
VALUES
('$id','$name','$contact','$emailm','$message')");

  if (!mysql_query($sql))
  {
  die('Error: ' . mysql_error());
  }

?>

forumnz · January 27, 2008

That didn't work? I now get:

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's content.

Regards,
FoodFinder Staff

Submitted Conten' at line 3

PHP Monkeh · January 27, 2008

Either addslashes() or mysql_real_escape_string() the strings you're inputting. The reason it'll be generating errors is because you have an apostrophe in one of your inputs somewhere.

Do this at your string input stage:

<?php

$name = mysql_real_escape_string($_POST['name']);

// OR

$name = addslashes($_POST['name']);

?>

Sign In

Strange Syntax Error

Recommended Posts

forumnz

Link to comment

Share on other sites

papaface

Link to comment

Share on other sites

forumnz

Link to comment

Share on other sites

PHP Monkeh

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information