error in mySQL

05-15-2008, 04:56 PM
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''this is my test text')' at line 3

in my database I added a TEXT field for a textarea box in a form

why doesn't it work?!

05-15-2008, 04:58 PM
Our psychic powers are running low today, please post the relevant code. My guess is you have an error in your sql syntax......

Quotes are probably a problem, too.

05-15-2008, 05:14 PM

$sql="INSERT INTO assessment (Assessor, page, Dateadded, Assessment)

if (!mysql_query($sql,$link))
die('Error: ' . mysql_error());
echo "assessment added";
echo '<br>';
echo '<a href="post.php">Add new</a>' . '<br>';
echo '<a href="display.php">Assessments</a>';



05-15-2008, 05:37 PM
You have an extra parenthesis and comma after one of your values. You are also not escaping any of the values in your query. Don't ever put data from user input directly into string queries in that way. It is a huge security hole.

05-15-2008, 07:38 PM
Going along with what hammer said, try this:

$Assessor = mysql_real_escape_string(stripslashes($_POST['Assessor']));
$page = mysql_real_escape_string(stripslashes($_POST['page']));
$Dateadded = mysql_real_escape_string(stripslashes($_POST['Dateadded']));
$Assessment = mysql_real_escape_string(stripslashes($_POST['Assessment']));
$sql = "INSERT INTO assessment (Assessor, page, Dateadded, Assessment) VALUES ('$Assessor','$page','$Dateadded','$Assessment')";
$result = mysql_query($sql,$link) or die('Error: ' . mysql_error() . '<br>SQL: ' . $sql);
echo 'assessment added<br>';
echo '<a href="post.php">Add new</a><br>';
echo '<a href="display.php">Assessments</a>';
I use stripslashes on the data because magic_quotes_gpc might be on but I'm too lazy to check for it. mysql_real_escape_string will help prevent mysql injection.
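
Added example, not part of the thread and not any poster's code: the same INSERT written with bound parameters through PDO, next to the concatenated form, run on textarea text that contains an apostrophe. It assumes PHP with the pdo_sqlite extension, with an in-memory SQLite database standing in for the MySQL server; the form values and function names are constructed for illustration.

```php
<?php
// Added example. Assumption: in-memory SQLite stands in for the MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE assessment (
    Assessor TEXT, page TEXT, Dateadded TEXT, Assessment TEXT)');

// Constructed form input: ordinary text that happens to contain apostrophes.
$post = [
    'Assessor'   => "O'Brien",
    'page'       => 'index.php',
    'Dateadded'  => '2008-05-15',
    'Assessment' => "this isn't my test text",
];

// 1) Concatenation, as in the first post: the apostrophe closes the string
//    literal early, the rest of the value is parsed as SQL, the query fails.
function insertConcatenated(PDO $db, array $in): string
{
    $sql = "INSERT INTO assessment (Assessor, page, Dateadded, Assessment)
            VALUES ('{$in['Assessor']}', '{$in['page']}',
                    '{$in['Dateadded']}', '{$in['Assessment']}')";
    try {
        $db->exec($sql);
        return 'inserted';
    } catch (PDOException $e) {
        error_log($e->getMessage()); // detail goes to the log, not the page
        return 'rejected';
    }
}

// 2) Prepared statement: the SQL text is fixed and the values are bound as
//    data, so they are never parsed as SQL and need no escaping step.
function insertPrepared(PDO $db, array $in): int
{
    $stmt = $db->prepare('INSERT INTO assessment (Assessor, page, Dateadded, Assessment)
                          VALUES (:assessor, :page, :dateadded, :assessment)');
    $stmt->execute([
        ':assessor'   => $in['Assessor'],
        ':page'       => $in['page'],
        ':dateadded'  => $in['Dateadded'],
        ':assessment' => $in['Assessment'],
    ]);
    return $stmt->rowCount();
}

echo insertConcatenated($db, $post), "\n";          // rejected
echo insertPrepared($db, $post), " row inserted\n"; // 1 row inserted
echo $db->query('SELECT Assessment FROM assessment')->fetchColumn(), "\n";
```

Against MySQL the same `prepare`/`execute` calls apply with a `mysql:` DSN; only the connection line changes.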