Page 1 of 1

Error Plz help

Posted: Mon Sep 21, 2009 4:29 am
by Neeti
Hello Please anybody help i am facing this problem ,when somebody added "/\/\" this string in place of name or anything else it shows this error how could it can be removed .

insert into tbl_staff_member set staff_addedon='2009-09-22 01:35:27', staff_addedby='', staff_name='/\/\', staff_phone='1234567896', staff_email='neeti@gm.com', staff_address='aa'
as following error is encountered...

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1234567896', staff_email='neeti@gm.com', staff_address='aa'' at line 1

Re: Error Plz help

Posted: Mon Sep 21, 2009 4:35 am
by papa
Validate your user input and also use mysql_real_escape_string().