Comment Box Error - Error, insert query failed
Moderator: General Moderators
Comment Box Error - Error, insert query failed
I am getting an error : Error, insert query failed when writing to a sql database text type field from a php form.
When they use special characters in the comment box it gives them "Error, insert query failed. "
Is there any way to clean up the text for example if they use "have'nt" or any other illegal characters?
I dont want it to prompt them I just want it to save the text without the characters.
Thanks
Ralph
When they use special characters in the comment box it gives them "Error, insert query failed. "
Is there any way to clean up the text for example if they use "have'nt" or any other illegal characters?
I dont want it to prompt them I just want it to save the text without the characters.
Thanks
Ralph
Sorry, I am new to PHP.
How would I use that to write the comment field to the database? This is how I am saving it to the database:
$query = "INSERT INTO survey (ps_no, name, dept, comptype, ans1, ans2, ans3, ans4, ans5, ans6, ans7, ans8, pc_comm, lap_comm)
VALUES ('$psno', '$name', '$dept', '$comtype', '$ans1', '$ans2', '$ans3', '$ans4', '$ans5', '$ans6', '$ans7', '$ans8', '$pccomm', '$lapcomm')";
The comment fields are $pccomm and $lapcomm
Thanks
Ralph
How would I use that to write the comment field to the database? This is how I am saving it to the database:
$query = "INSERT INTO survey (ps_no, name, dept, comptype, ans1, ans2, ans3, ans4, ans5, ans6, ans7, ans8, pc_comm, lap_comm)
VALUES ('$psno', '$name', '$dept', '$comtype', '$ans1', '$ans2', '$ans3', '$ans4', '$ans5', '$ans6', '$ans7', '$ans8', '$pccomm', '$lapcomm')";
The comment fields are $pccomm and $lapcomm
Thanks
Ralph
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
- maliskoleather
- Forum Contributor
- Posts: 155
- Joined: Tue May 15, 2007 2:19 am
- Contact:
Code: Select all
$query = "INSERT INTO survey (ps_no, name, dept, comptype, ans1, ans2, ans3, ans4, ans5, ans6, ans7, ans8, pc_comm, lap_comm)
VALUES ('$psno', '$name', '$dept', '$comtype', '$ans1', '$ans2', '$ans3', '$ans4', '$ans5', '$ans6', '$ans7', '$ans8', '".mysql_real_escape_string($pccomm)."', '".mysql_real_escape_string($lapcomm."')";
Last edited by maliskoleather on Mon Jun 04, 2007 4:28 pm, edited 1 time in total.
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
Everyone of those insert variables should be run through mysql_real_escape_string().
Thanks maliskoleather,
I tried that but now I am getting this error:
PHP Parse error: syntax error, unexpected ';' in C:\Inetpub\wwwroot\delltest\addrec.php on line 37
line 37 is :
VALUES '$psno', '$name', '$dept', '$comtype', '$ans1', '$ans2', '$ans3', '$ans4', '$ans5', '$ans6', '$ans7', '$ans8', '".mysql_real_escape_string($pccomm)."', '".mysql_real_escape_string($lapcomm."')";
I don't see any thing wrong??
Thanks
I tried that but now I am getting this error:
PHP Parse error: syntax error, unexpected ';' in C:\Inetpub\wwwroot\delltest\addrec.php on line 37
line 37 is :
VALUES '$psno', '$name', '$dept', '$comtype', '$ans1', '$ans2', '$ans3', '$ans4', '$ans5', '$ans6', '$ans7', '$ans8', '".mysql_real_escape_string($pccomm)."', '".mysql_real_escape_string($lapcomm."')";
I don't see any thing wrong??
Thanks
- maliskoleather
- Forum Contributor
- Posts: 155
- Joined: Tue May 15, 2007 2:19 am
- Contact:
whoops. typo on my part.
is what it should be
Code: Select all
mysql_real_escape_string($lapcomm)."')";- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
I'd still like to reiterate... since you are inserting, everything that is going into the table that could be supplied, or manipulated, by a user should be run through mysql_real_escape_string().
- superdezign
- DevNet Master
- Posts: 4135
- Joined: Sat Jan 20, 2007 11:06 pm
I escape all data that goes into databases, just in case, somehow, I make an error somewhere or add quotes or something into a string.... Not just user input. Is that too much?Everah wrote:I'd still like to reiterate... since you are inserting, everything that is going into the table that could be supplied, or manipulated, by a user should be run through mysql_real_escape_string().
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA