Comment Box Error - Error, insert query failed

reyes99
Forum Commoner
Posts: 38
Joined: Tue May 22, 2007 10:35 pm

Comment Box Error - Error, insert query failed

Post by reyes99 »

I am getting an error, "Error, insert query failed", when writing to a SQL database text-type field from a PHP form.

When they use special characters in the comment box it gives them "Error, insert query failed."

Is there any way to clean up the text, for example if they use "have'nt" or any other illegal characters?

I don't want it to prompt them; I just want it to save the text without the characters.


Thanks

Ralph
guitarlvr
Forum Contributor
Posts: 245
Joined: Wed Mar 21, 2007 10:35 pm

Post by guitarlvr »

reyes99
Forum Commoner
Posts: 38
Joined: Tue May 22, 2007 10:35 pm

Post by reyes99 »

Sorry, I am new to PHP.

How would I use that to write the comment field to the database? This is how I am saving it to the database:

$query = "INSERT INTO survey (ps_no, name, dept, comptype, ans1, ans2, ans3, ans4, ans5, ans6, ans7, ans8, pc_comm, lap_comm)
VALUES ('$psno', '$name', '$dept', '$comtype', '$ans1', '$ans2', '$ans3', '$ans4', '$ans5', '$ans6', '$ans7', '$ans8', '$pccomm', '$lapcomm')";

The comment fields are $pccomm and $lapcomm


Thanks

Ralph
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Post the code that sets those vars.
maliskoleather
Forum Contributor
Posts: 155
Joined: Tue May 15, 2007 2:19 am

Post by maliskoleather »

Code:

$query = "INSERT INTO survey (ps_no, name, dept, comptype, ans1, ans2, ans3, ans4, ans5, ans6, ans7, ans8, pc_comm, lap_comm) 
          VALUES ('$psno', '$name', '$dept', '$comtype', '$ans1', '$ans2', '$ans3', '$ans4', '$ans5', '$ans6', '$ans7', '$ans8', '".mysql_real_escape_string($pccomm)."', '".mysql_real_escape_string($lapcomm."')";

The only reason I only escaped the two variables you posted is because I have no idea what the others are. You should escape ANY variable that is user-submitted.
Last edited by maliskoleather on Mon Jun 04, 2007 4:28 pm, edited 1 time in total.
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Every one of those insert variables should be run through mysql_real_escape_string().
reyes99
Forum Commoner
Posts: 38
Joined: Tue May 22, 2007 10:35 pm

Post by reyes99 »

Thanks maliskoleather,

I tried that but now I am getting this error:

PHP Parse error: syntax error, unexpected ';' in C:\Inetpub\wwwroot\delltest\addrec.php on line 37

line 37 is :
VALUES '$psno', '$name', '$dept', '$comtype', '$ans1', '$ans2', '$ans3', '$ans4', '$ans5', '$ans6', '$ans7', '$ans8', '".mysql_real_escape_string($pccomm)."', '".mysql_real_escape_string($lapcomm."')";

I don't see anything wrong??

Thanks
maliskoleather
Forum Contributor
Posts: 155
Joined: Tue May 15, 2007 2:19 am

Post by maliskoleather »

Whoops. Typo on my part.

Code:

mysql_real_escape_string($lapcomm)."')";

is what it should be.
reyes99
Forum Commoner
Posts: 38
Joined: Tue May 22, 2007 10:35 pm

Post by reyes99 »

Great that worked!!!

Thank you all for your help.
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

I'd still like to reiterate... since you are inserting, everything that is going into the table that could be supplied, or manipulated, by a user should be run through mysql_real_escape_string().
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Post by superdezign »

Everah wrote: I'd still like to reiterate... since you are inserting, everything that is going into the table that could be supplied, or manipulated, by a user should be run through mysql_real_escape_string().
I escape all data that goes into databases, just in case, somehow, I make an error somewhere or add quotes or something into a string.... Not just user input. Is that too much?
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

I wouldn't say so. I think it is always better to err on the side of caution.
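
An added example, not part of the thread or any poster's code: the same survey insert written with PDO bound parameters, a different technique from the mysql_real_escape_string() calls above (that function was removed in PHP 7.0), so every value is covered without escaping each variable by hand. Assumptions: the pdo_sqlite extension with an in-memory database standing in for the MySQL server, a reduced column list with assumed types, a hypothetical saveSurvey() helper, and constructed form values.

```php
<?php
// Assumes pdo_sqlite; the in-memory database replaces the thread's MySQL
// server so the script runs offline. With MySQL only the DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Reduced version of the thread's survey table (column types are assumed).
$pdo->exec('CREATE TABLE survey (ps_no TEXT, name TEXT, dept TEXT, pc_comm TEXT, lap_comm TEXT)');

// Constructed form input containing the characters that broke the query.
$form = [
    'psno'    => '1042',
    'name'    => "O'Brien",
    'dept'    => 'IT',
    'pccomm'  => "I haven't had any problems.",
    'lapcomm' => 'Battery "dies" fast \\ screen isn\'t bright',
];

// Hypothetical helper: inserts one survey row using named placeholders.
function saveSurvey(PDO $pdo, array $form): void
{
    // The SQL text is fixed; values are sent separately, so a quote in a
    // comment can never end the string literal and break the statement.
    $stmt = $pdo->prepare(
        'INSERT INTO survey (ps_no, name, dept, pc_comm, lap_comm)
         VALUES (:psno, :name, :dept, :pccomm, :lapcomm)'
    );
    $stmt->execute([
        ':psno'    => $form['psno'],
        ':name'    => $form['name'],
        ':dept'    => $form['dept'],
        ':pccomm'  => $form['pccomm'],
        ':lapcomm' => $form['lapcomm'],
    ]);
}

try {
    saveSurvey($pdo, $form);
} catch (PDOException $e) {
    // Log the real cause server-side; show the user only a generic message.
    error_log('survey insert failed: ' . $e->getMessage());
    exit("Error, insert query failed\n");
}

// Read the row back: each value is stored exactly as submitted.
$row = $pdo->query('SELECT name, pc_comm, lap_comm FROM survey')->fetch(PDO::FETCH_ASSOC);
foreach ($row as $column => $value) {
    printf("%-9s %s\n", $column, $value);
}
```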