whats wrong with this php / sql command:

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
divx
Forum Newbie
Posts: 20
Joined: Sun Jul 01, 2007 1:37 pm

whats wrong with this php / sql command:

Post by divx »

this is the shothand sqlquerry(after connecting to the database ans table):
$result= mysql_query("INSERT INTO sigparsed (a, b, c, d, e ) VALUES ('2', $var1, '1', $var2, '0' ) ") or die(mysql_error());
and my error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '

But I see nothing wrong with my syntax
divx
Forum Newbie
Posts: 20
Joined: Sun Jul 01, 2007 1:37 pm

Post by divx »

$var1 and $var2 both contain ", and they have too, is there anyeay around this if it is the problem
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

divx wrote:$var1 and $var2 both contain ", and they have too, is there anyeay around this if it is the problem
Yes:

http://www.php.net/mysql_real_escape_string

*Always always* use that function before inserting data into MySQL.
Post Reply