mysql quick question

09-01-2009, 10:57 PM
Hello, I just had a quick question: what do you do when you have a reserved word entered into your MySQL to be inserted into a database? I remember someone telling me to backslash it in. Could someone please give me an example? Thank you!

09-01-2009, 11:06 PM
You just put backticks around the column name. Not that hard.

$sql = "INSERT INTO `table`(`reservedword`,notreservedword) VALUES ('blah','blah2')";
You can put backticks around table names, and column names.

Although it's better to just not use reserved words in the first place if you can avoid it.

09-02-2009, 01:38 AM
OK, thank you. It's just that people are going to be inputting information, and for one of my insert transactions it inputs the length of a movie file from ffmpeg and it says there's an error inputting the data. I think it is because the $length variable returns 00:00:00 or whatever length. What should I do about that? Thank you!

09-02-2009, 04:07 AM
We need to see your code. Are you using mysql_real_escape_string?

09-02-2009, 04:16 AM
This is my code:
<?php include("../Connections/mysql.php");?>
if ($_POST['submit']){
$ffmpeg = "/usr/bin/ffmpeg";

$target_path = "/hsphere/local/home/rubygirl58/slappyjaw.com/videos/orig/";

$target_path = $target_path.basename($_FILES['uploadedfile']['name']);

$fileName = $_FILES['uploadedfile']['name'];

$ext = substr($fileName, strrpos($fileName, '.') + 1);

$newfilename = basename($fileName, $ext);

$newvideo = "/hsphere/local/home/rubygirl58/slappyjaw.com/videos/videos/".$newfilename."flv";

$image = "/hsphere/local/home/rubygirl58/slappyjaw.com/videos/thumbnails/".$newfilename;

if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {

exec($ffmpeg." -i ".$target_path." -ar 22050 -ab 32 -f flv -s 320x240 ".$newvideo);

exec($ffmpeg." -i ".$target_path." -an -ss 00:00:05 -r 1 -vframes 1 -y ".$image."jpg");

//get duration of video with ffmpeg.
$videofile = $target_path;
passthru("/usr/bin/ffmpeg -i \"{$videofile}\" 2>&1");
$duration = ob_get_contents();

$search='/Duration: (.*?),/';
$duration=preg_match($search, $duration, $matches, PREG_OFFSET_CAPTURE, 3);
//get the information that was gathered by the form to submit.

} else{
echo "There was an error uploading the file, please try again!";
//////////////////////////////////////////////////////// start input transaction //////////////////////////////////

$desription = $_POST['description'];
$filename = basename($newvideo);
$length = $matches[1][0];
$title = $_POST['title'];
$username = $_SESSION['kt_login_user'];
mysql_select_db($database_mysql, $mysql);
$sql = "INSERT INTO videos (description, filename, length, title, username) VALUES ({$desription}, {$filename}, {$length}, {$title}, {$username})";
mysql_query($sql) or die(mysql_error());
} else {

09-02-2009, 04:48 AM
You aren't doing anything to prevent mysql injection. Change this

$sql = "INSERT INTO videos (description, filename, length, title, username) VALUES ({$desription}, {$filename}, {$length}, {$title}, {$username})";

to this

$sql = "INSERT INTO videos (description, filename, length, title, username) VALUES ('$desription', '$filename', '$length', '$title', '$username')";

I suggest you read this tutorial.
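
An added example, not part of any post in this thread: the same INSERT written with bound parameters, so that a duration such as 00:01:23 and text containing apostrophes are both stored without being spliced into the SQL string. It assumes PDO with an in-memory SQLite database so it runs offline (with MySQL only the DSN changes); the function names `parse_duration` and `insert_video` and all sample values are constructed for illustration.

```php
<?php
// Added example (not code from the thread). SQLite in memory is an assumption
// so the script runs offline; with MySQL only the DSN passed to PDO changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE videos (description TEXT, filename TEXT,
            length TEXT, title TEXT, username TEXT)');

// Pull "HH:MM:SS" out of ffmpeg's "Duration: 00:01:23.45, ..." line,
// returning null when the output does not contain a well-formed duration.
function parse_duration(string $ffmpegOutput): ?string
{
    if (preg_match('/Duration: (\d{2}:\d{2}:\d{2})(?:\.\d+)?,/', $ffmpegOutput, $m)) {
        return $m[1];
    }
    return null;
}

// Insert one row with bound parameters: values travel separately from the
// SQL text, so quotes and colons in them cannot change the statement.
function insert_video(PDO $pdo, array $row): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO videos (description, filename, length, title, username)
         VALUES (:description, :filename, :length, :title, :username)'
    );
    $stmt->execute($row);
}

// Constructed sample input standing in for $_POST, $_SESSION and ffmpeg output.
$ffmpegOutput = "  Duration: 00:01:23.45, start: 0.000000, bitrate: 512 kb/s";
$length = parse_duration($ffmpegOutput);
if ($length === null) {
    exit("Could not read the video duration\n");
}

insert_video($pdo, [
    ':description' => "It's a clip with 'quotes' in the text",
    ':filename'    => 'holiday.flv',
    ':length'      => $length,
    ':title'       => "Summer '09",
    ':username'    => 'demo_user',
]);

$saved = $pdo->query('SELECT title, length FROM videos')->fetch(PDO::FETCH_ASSOC);
echo $saved['title'], ' | ', $saved['length'], "\n";
```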


09-02-2009, 05:26 AM
Thank you, this is very helpful. I am going to need to change stuff on my site because of this. Thanks for the help.