SitePoint Sponsor

User Tag List

Results 1 to 2 of 2
  1. #1
    SitePoint Enthusiast
    Join Date
    Jul 2005
    Posts
    39
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    "error in your SQL syntax" for update form

    Hello all,

    I am trying to update a table and when i process it I get the message "You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 's an excellent opportunity to network while learning a simple"

    The only thing i can think of is that if the user adds a single quote into the textbox it casues the error.

    PHP Code:
    require("../db/db_info.php");
    $link mysql_connect("$host""$user") or die( mysql_error( ));
    if (! 
    $link)
    die(
    "Couldn't connect to MySQL");
    mysql_select_db("$db")
    or die(
    "Couldn't open $db: ".mysql_error());    
    $work_list stripslashes$_POST['work_list']);
    $work_text stripslashes$_POST['work_text']);
    mysql_query
        
    ("  UPDATE work_text
            SET
                work_list = '
    $work_list',
                work_text = '
    $work_text',
                date_1 = '
    $date_1',
                date_2 = '
    $date_2'
            WHERE
                work_text_id = '1' "

    or die( 
    mysql_error( ));    
    mysql_close ($link); 
    thanks in advance ad

  2. #2
    SQL Consultant gold trophysilver trophybronze trophy
    r937's Avatar
    Join Date
    Jul 2002
    Location
    Toronto, Canada
    Posts
    39,276
    Mentioned
    60 Post(s)
    Tagged
    3 Thread(s)
    that's correct, a single quote entered into a textbox would give that error

    moving your thread to PHP forum to find out how to deal with that
    rudy.ca | @rudydotca
    Buy my SitePoint book: Simply SQL
    "giving out my real stuffs"


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •