Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5

Thread: error in mySQL

  1. #1
    Banned
    Join Date
    Mar 2007
    Posts
    1,523
    Thanks
    116
    Thanked 0 Times in 0 Posts

    Question error in mySQL

    Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''this is my test text')' at line 3


    in my database I added a TEXT field for a textarea box in a form

    why doesn't it work?!

  • #2
    teh Moderatorinator
    Join Date
    Sep 2004
    Location
    USA
    Posts
    2,472
    Thanks
    4
    Thanked 40 Times in 40 Posts
    Our psychic powers are running low today, please post the relevant code. My guess is you have an error in your sql syntax......

    Quotes are probably a problem, too.

  • #3
    Banned
    Join Date
    Mar 2007
    Posts
    1,523
    Thanks
    116
    Thanked 0 Times in 0 Posts
    Code:
    <?php
    include_once('config.php');
    
    $sql="INSERT INTO assessment (Assessor, page, Dateadded, Assessment)
    VALUES
    ('$_POST[Assessor]','$_POST[page]','$_POST[Dateadded]'),'$_POST[Assessment]')";
    
    if (!mysql_query($sql,$link))
      {
      die('Error: ' . mysql_error());
      }
    echo "assessment added";
    echo '<br>'; 
    echo '<a href="post.php">Add new</a>' . '<br>'; 
    echo '<a href="display.php">Assessments</a>'; 
    
    mysql_close($link)
    
    ?>

  • #4
    Regular Coder
    Join Date
    Dec 2007
    Location
    Nebraska
    Posts
    113
    Thanks
    0
    Thanked 2 Times in 2 Posts
    You have an extra parenthesis and comma after one of your values. You are also not escaping any of the values in your query. Don't ever put data from user input directly into string queries in that way. It is a huge security hole.
    Deliver yesterday, code today, think tomorrow.

  • #5
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    Going along with what hammer said try this
    PHP Code:
    <?php
    include_once('config.php');
    $Assessor mysql_real_escape_string(stripslashes($_POST['Assessor']));
    $page mysql_real_escape_string(stripslashes($_POST['page']));
    $Dateadded mysql_real_escape_string(stripslashes($_POST['Dateadded']));
    $Assessment mysql_real_escape_string(stripslashes($_POST['Assessment']));
    $sql "INSERT INTO assessment (Assessor, page, Dateadded, Assessment) VALUES ('$Assessor','$page','$Dateadded','$Assessment')";
    $result mysql_query($sql,$link) or die('Error: ' mysql_error() . '<br>SQL: ' $sql);
    echo 
    'assessment added<br>';
    echo 
    '<a href="post.php">Add new</a><br>'
    echo 
    '<a href="display.php">Assessments</a>'
    mysql_close($link);
    ?>
    I use stripslashes on the data because magic_quotes_gpc might be on but I'm too lazy to check for it. mysql_real_escape_string will help prevent mysql injection.
    ||||If you are getting paid to do a job, don't ask for help on it!||||


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •