sql error cuase of '

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
pinehead18
Forum Contributor
Posts: 329
Joined: Thu Jul 31, 2003 9:20 pm

sql error cuase of '

Post by pinehead18 »

You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 's Summit','6')' at line 2

When i'm posting a reply and inserting it, it does not like it if their is a ' in the txt. Example. lee's summit. Don't do that.

here is the code

Code: Select all

$sql = "INSERT INTO threads (tid,author,body,date,subject,forum_id) VALUES 
			('$newtid','$name','$body','$date','$subject','$fid')";
Thank you
User avatar
tim
DevNet Resident
Posts: 1165
Joined: Thu Feb 12, 2004 7:19 pm
Location: ohio

Post by tim »

redmonkey
Forum Regular
Posts: 836
Joined: Thu Dec 18, 2003 3:58 pm

Post by redmonkey »

You should consider using mysql_real_escape_string() or addslashes().
User avatar
tim
DevNet Resident
Posts: 1165
Joined: Thu Feb 12, 2004 7:19 pm
Location: ohio

Post by tim »

ahh red, much better suggestion.

:cry:
User avatar
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

Yeah I prefer [php_man]addslashes[/php_man]() for this.

And then [php_man]stripslashes[/php_man]() when calling the information.
Post Reply