PHP/mysql insert problem

Hi guys,

I am writing a small CMS type script and I am taking user input from a textarea.

It works for most stuff but sometimes I think it recognizes the input as some sort of SQL query.

I’m not sure because I am a PHP/MySQL newbie.

All help will be greatly appreciated.

Error

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘s Executive Box, and and take the applause of the crowd at half-time!’)’ at line 1

Post News Function

function postNews($contents)
{
	global $conn;
	$txt = html2txt($contents); //removes html for security reasons
	$sqlstatement = "insert into news(contents) VALUES ('$txt')";
	$sqlresult = mysql_query($sqlstatement, $conn) or die(mysql_error());
}

$contents is user input? My guess is, it contains a single quote. Use mysql_real_escape_string to sanitize it before using it in a query.
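
Added example, not code from the original posts: the same insert written with a bound parameter through PDO instead of the escaping call suggested above, next to the interpolated form so the failure on an apostrophe can be seen. Assumptions: the function names, the sample text and the table definition are constructed for illustration, an in-memory SQLite database stands in for MySQL so the script runs offline, and the poster's html2txt() step is left out because its code is not shown.

```php
<?php
// Added example. SQLite in memory stands in for MySQL (assumption); with MySQL
// only the DSN passed to PDO changes, the functions below stay the same.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, contents TEXT NOT NULL)');

// Pattern from the question: the text is pasted into the SQL string, so an
// apostrophe in the text ends the string literal early and the remainder of
// the text is parsed as SQL.
function postNewsInterpolated(PDO $pdo, string $contents): void
{
    $pdo->exec("INSERT INTO news (contents) VALUES ('$contents')");
}

// Parameterized form: the statement and the value are sent separately, so the
// text is always handled as data, whatever characters it contains.
function postNewsPrepared(PDO $pdo, string $contents): int
{
    $stmt = $pdo->prepare('INSERT INTO news (contents) VALUES (:contents)');
    $stmt->execute([':contents' => $contents]);
    return (int) $pdo->lastInsertId();
}

// Constructed sample input containing an apostrophe.
$text = "Visit the club's Executive Box and take the applause at half-time!";

try {
    postNewsInterpolated($pdo, $text);
    echo "interpolated insert: ok\n";
} catch (PDOException $e) {
    // Same class of failure as the syntax error quoted in the question.
    echo "interpolated insert failed: ", $e->getMessage(), "\n";
}

$id = postNewsPrepared($pdo, $text);
$check = $pdo->prepare('SELECT contents FROM news WHERE id = :id');
$check->execute([':id' => $id]);
$stored = $check->fetchColumn();

echo "prepared insert stored row $id\n";
echo ($stored === $text) ? "round-trip matches input\n" : "round-trip mismatch\n";
```

The mysql_* functions used in the question were removed in PHP 7.0, so on current PHP the choice is between mysqli and PDO, and both support bound parameters.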