Reply to Re: What am I doing wrong?

Posted by Jerry Stuckle on 08/08/07 15:04

dkruger wrote:
> Hi all,
>
> I am having a problem with one of my scripts that when the data
> contains an apostrophe in any of the fields it is causing a query
> error with mysql, however the data is still being inserted into the
> table. I am using addslashes to add the needed backslash prior to the
> apostrophes, and when printing the query that is used, it looks like
> the following:
>
> INSERT INTO dbo_SC_Data
> (Requestor,Work_Order_Type,Subject,Date_Request,Date_Completed,Summary_Request,Notify,comp_time_hrs)
> VALUES ('ITGENERAL','Alchemy','test
> \'s','2007-08-08','0000-00-00','this is getting annoying...the query
> works when done directly to mysql client\'s, but will not work when
> sent through php...',0,0)
>
> The message I receive on the page is:
>
> Query failed: You have an error in your SQL syntax; check the manual
> that corresponds to your MySQL server version for the right syntax to
> use near 's' AND Date_Request='2007-08-08'' at line 1
>
> If I copy the query exactly as printed on the page, and paste directly
> into the mysql client, the query is processed without any errors. The
> php code is following:
>
> $subject = addslashes($subject);
> $sreq = addslashes($sreq);
> $scomp = addslashes($scomp);
> $qry = "INSERT INTO dbo_SC_Data
> (Requestor,Work_Order_Type,Subject,Date_Request,Date_Completed,Summary_Request,Notify,comp_time_hrs)
> VALUES ('".$requestor."','".$wotype."','".$subject."','".
> $mreqdate."','".$compdate."','".$sreq."',0,0)";
>
> The above code is in a function that ends up calling a separate
> function to connect to mysql and run the query. I am posting this in
> the php group, since the query when copied to the mysql works
> properly, and so I am thinking it is some issue with the php on my
> system.
>
> Thanks,
> david
>

Use mysql_real_escape_string() instead of addslashes(). That's what
it's there for.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
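
An added example, not part of either post: the quoted error ends in `AND Date_Request='2007-08-08'`, text that does not appear in the printed INSERT, so a second statement built from the same values is the one being rejected. Binding the values as parameters covers every statement that uses them without per-query escaping. The sketch assumes PDO with an in-memory SQLite database in place of the poster's MySQL connection; the column types and the follow-up SELECT are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO with an in-memory
// SQLite database stands in for the MySQL connection (for MySQL only the DSN
// and credentials change); column types and the follow-up SELECT are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE dbo_SC_Data (
    Requestor TEXT, Work_Order_Type TEXT, Subject TEXT,
    Date_Request TEXT, Date_Completed TEXT, Summary_Request TEXT,
    Notify INTEGER, comp_time_hrs INTEGER)');

// Constructed sample input containing apostrophes, as in the post.
$row = [
    'requestor' => 'ITGENERAL',
    'wotype'    => 'Alchemy',
    'subject'   => "test 's",
    'mreqdate'  => '2007-08-08',
    'compdate'  => '0000-00-00',
    'sreq'      => "works in the mysql client's, but not through php...",
];

// Placeholders keep the values out of the SQL text, so no escaping
// function is involved and an apostrophe cannot end a string literal.
$insert = $pdo->prepare(
    'INSERT INTO dbo_SC_Data
       (Requestor, Work_Order_Type, Subject, Date_Request,
        Date_Completed, Summary_Request, Notify, comp_time_hrs)
     VALUES (:requestor, :wotype, :subject, :mreqdate, :compdate, :sreq, 0, 0)'
);
$insert->execute($row);

// Hypothetical follow-up lookup shaped like the fragment in the error
// message. The same raw values are bound again, never concatenated.
$select = $pdo->prepare(
    'SELECT COUNT(*) FROM dbo_SC_Data
      WHERE Subject = :subject AND Date_Request = :mreqdate'
);
$select->execute(['subject' => $row['subject'], 'mreqdate' => $row['mreqdate']]);
echo 'matching rows: ', $select->fetchColumn(), PHP_EOL;
```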
