mySQL error

[Kingy]

i keep getting this error

 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 're There'' at line 1

 

You're There" is the $title

 

<?php

     $dwncheck = mysql_query("SELECT * FROM downloads WHERE title='$title'") or die(mysql_error());
     $dwncheck = mysql_num_rows($dwncheck);
     if ($dwncheck < 1) {
       $dwninsert = mysql_query("INSERT INTO downloads (title, category) VALUES ('$title', '$category', '$date')") or die(mysql_error());
       echo "<b>$title</b><br /> Category: $category <br /> <br />";
     } 
?> 

[powerspike]

INSERT INTO downloads (title, category) VALUES ('$title', '$category', '$date')

 

you are basicly trying to insert three bits of data into two fields.

 

you'll need to change the (title,category) to (title,category,time) where "time" is the name of your time/date field.

 

[Kingy]

yeah thats not the error, i just pasted an old bit of code sorry, i've fixed that up but its the title that is ruining it..

 

i think its because the title has a ' in it, because the first four entries are inserting no problem but it stops at this entry and gives me this error.

[darkfreaks]

<?php

mysql_query("SELECT * FROM downloads WHERE title=$title") or die(mysql_error());
?>

[kenrbnsn]

You need to use the function mysql_real_escape_string() on any string that is sent from outside of your script:

<?php
$q = "SELECT * FROM downloads WHERE title='" . mysql_real_escape_string($title) . "'";
$rs = mysql_query($q) or die("Problem with the query: $q<br>" . mysql_error());
?>

 

Ken