hi agine php help:)

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
forgun
Forum Commoner
Posts: 61
Joined: Wed Jan 29, 2003 6:05 am
Contact:

hi agine php help:)

Post by forgun »

mm i changed at and its give errors

Code: Select all

<?php
$qur = "INSERT INTO News ( title, body, date, time, byhow) VALUES (";
$qur .= "'" . $_POST["title"] . "' , '" . $_POST["body"] . "', CURDATE(), CURTIME(), '" . $_POST["how"] . "')";
$qur = mysql_escape_string($qur);
mysql_query($qur) or die (mysql_error());

?>
User avatar
mydimension
Moderator
Posts: 531
Joined: Tue Apr 23, 2002 6:00 pm
Location: Lowell, MA USA
Contact:

Post by mydimension »

what error are you getting?
User avatar
forgun
Forum Commoner
Posts: 61
Joined: Wed Jan 29, 2003 6:05 am
Contact:

Post by forgun »

Code: Select all

You have an error in your SQL syntax near '''hgh'' , ''ff'', CURDATE(), CURTIME(), ''forgun'')' at line 1
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

You're using mysql_escape_string() on your SQL query so it's escaping the single quotes around the variables and thus the whole thing is not working - you have to only apply this function to the $_POST variables. You could do something like:

Code: Select all

<?php 
$qur = "INSERT INTO News ( title, body, date, time, byhow) VALUES ("; 
$qur .= "'" .mysql_escape_string($_POST['title']). "' , '" .mysql_escape_string($_POST['body']). "', CURDATE(), CURTIME(), '" .mysql_escape_string($_POST['how']). "')"; 
mysql_query($qur) or die (mysql_error()); 

?>
Mac
Post Reply