8 Replies - 676 Views - Last Post: 04 January 2010 - 09:32 PM

#1 johnd07

Help with SQL query

Posted 03 January 2010 - 08:07 PM

So I have this query that's causing problems.. here it is

$query = "INSERT INTO  `articles` (`aid` ,`title` ,`writtenby` ,`category` ,`section` ,`date` ,`image1` ,`content` ,`subtitle`) VALUES ('', '$title', '$author', '$category', '$section', '$date', '".$image['name']."', '$content', '$subtitle')";


The problem is whenever I enter content in either "title, content or subtitle" that contains an apostrophe (') it returns an error.. but if I enter content without any it works fine... is there any way to fix this, or do I have to enter stuff without apostrophes??

I get this "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near"


Replies To: Help with SQL query

#2 no2pencil

Posted 03 January 2010 - 08:23 PM

Quote

'".$image['name']."'

The single quote for the $image array element is ending the start single quote for the sql insert value.

Since there is no space in the element name (name) then you can safely remove the single quotes from the $image array.

$query = "INSERT INTO  `articles` (`aid` ,`title` ,`writtenby` ,`category` ,`section` ,`date` ,`image1` ,`content` ,`subtitle`) VALUES ('', '$title', '$author', '$category', '$section', '$date', '$image[name]', '$content', '$subtitle')";


#3 JackOfAllTrades

Posted 03 January 2010 - 09:03 PM

Oh, I and PHP must disagree on that, no2. From the manual:

Quote

Array do's and don'ts
Why is $foo[bar] wrong?

Always use quotes around a string literal array index. For example, $foo['bar'] is correct, while $foo[bar] is not. But why? It is common to encounter this kind of syntax in old scripts:
<?php
$foo[bar] = 'enemy';
echo $foo[bar];
// etc
?>


This is wrong, but it works. The reason is that this code has an undefined constant (bar) rather than a string ('bar' - notice the quotes). PHP may in future define constants which, unfortunately for such code, have the same name. It works because PHP automatically converts a bare string (an unquoted string which does not correspond to any known symbol) into a string which contains the bare string. For instance, if there is no defined constant named bar, then PHP will substitute in the string 'bar' and use that.


Treading on thin ice there :)

Would rather see:
$query = "INSERT INTO  `articles` (`aid` ,`title` ,`writtenby` ,`category` ,`section` ,`date` ,`image1` ,`content` ,`subtitle`) VALUES ('', '$title', '$author', '$category', '$section', '$date', '{$image['name']}', '$content', '$subtitle')";


#4 johnd07

Posted 03 January 2010 - 11:06 PM

Sorry guys tried both and got the same error...Thanks for the lesson btw :)

I got: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'supreme application at the crease was rewarded with a total of 2 for 190 and a 6' at line 1


when I tried to post :
Half-centuries to openers Salman Butt and Imran Farhat have Pakistan well positioned to establish an imposing first-innings lead over the Australians. After an attritional second session on Monday, the tourists' supreme application at the crease was rewarded with a total of 2 for 190 and a 63-run advantage over Australia's meager first-day tally.

notice the error starts at the first apostrophe..

And if I remove them it works!!


#5 relic5.2

Posted 03 January 2010 - 11:27 PM

Try escaping the code, I presume it's $content that's causing the problem

$content = addslashes($content);
$query = "INSERT INTO  `articles` (`aid` ,`title` ,`writtenby` ,`category` ,`section` ,`date` ,`image1` ,`content` ,`subtitle`) VALUES ('', '$title', '$author', '$category', '$section', '$date', '".$image['name']."', '$content', '$subtitle')";



#6 noorahmad

Posted 03 January 2010 - 11:33 PM

You can use mysql_real_escape_string or addslashes.
Example:
<?PHP
$msg = mysql_real_escape_string($_POST['txtMessage']);
// or
$msg = addslashes($_POST['txtMessage']);
// how to use it
$strQuery = mysql_query("INSERT INTO table_name (Message) Values('$msg')") or die(mysql_error());
?>


Hope it helps :)

#8 JackOfAllTrades

Posted 04 January 2010 - 06:47 AM

noorahmad, if you're using MySQL, you should ALWAYS use mysql_real_escape_string to escape the content, not addslashes. From the documentation for addslashes:

Quote

It's highly recommended to use DBMS specific escape function (e.g. mysqli_real_escape_string() for MySQL or pg_escape_string() for PostgreSQL), but if the DBMS you're using doesn't have an escape function and the DBMS uses \ to escape special chars, you can use this function.


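The error in post #4 and the escaping advice in posts #5 to #8 both come from pasting values into the SQL text. The following is an added example, not code from any poster in this thread: it reproduces the failure and then stores the same input with a prepared statement, which needs no escaping at all. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL server so the script runs offline, the table carries only three of the thread's columns, and the sample strings are constructed.

```php
<?php
// Added example, not code from the thread. Assumption: an in-memory SQLite
// database (PDO) stands in for the poster's MySQL server so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE articles (
    aid INTEGER PRIMARY KEY, title TEXT, content TEXT, subtitle TEXT)');

// Constructed sample input modelled on the text in post #4.
$title    = "Pakistan's openers build a lead";
$content  = "the tourists' supreme application at the crease was rewarded";
$subtitle = "Day two";

// 1) The thread's pattern: values pasted into the SQL text. The apostrophe in
//    $title closes the string literal early, so the statement fails to parse.
$unsafe = "INSERT INTO articles (title, content, subtitle)
           VALUES ('$title', '$content', '$subtitle')";
try {
    $pdo->exec($unsafe);
    $concatResult = 'inserted';
} catch (PDOException $e) {
    $concatResult = 'syntax error: ' . $e->getMessage();
}

// 2) Prepared statement: the SQL text has only placeholders and the values
//    travel separately, so quotes in the data are never parsed as SQL.
$stmt = $pdo->prepare(
    'INSERT INTO articles (title, content, subtitle)
     VALUES (:title, :content, :subtitle)'
);
$stmt->execute([
    ':title'    => $title,
    ':content'  => $content,
    ':subtitle' => $subtitle,
]);

$row = $pdo->query('SELECT title, content FROM articles')->fetch(PDO::FETCH_ASSOC);
$count = $pdo->query('SELECT COUNT(*) FROM articles')->fetchColumn();

echo "concatenated query: $concatResult\n";
echo "rows stored:        $count\n";
echo "round trip intact:  " . var_export($row['content'] === $content, true) . "\n";
```

Against MySQL only the connection arguments passed to `new PDO(...)` change. The `mysql_*` functions used in this thread were removed in PHP 7.0.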
#9 johnd07

Posted 04 January 2010 - 07:31 AM

:D Thank you guys so much, now I can move forward :) hopefully I can sort out any other error I encounter :)...

You can edit the title to Solved..

#10 noorahmad

Posted 04 January 2010 - 09:32 PM

Thanks Jack :)
I know but my bad that I didn't clear that :(