
What's wrong with this PHP / SQL command:

Posted: Sat Aug 04, 2007 5:41 am
by divx
This is the shorthand SQL query (after connecting to the database and table):
$result= mysql_query("INSERT INTO sigparsed (a, b, c, d, e ) VALUES ('2', $var1, '1', $var2, '0' ) ") or die(mysql_error());
and my error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '

But I see nothing wrong with my syntax

Posted: Sat Aug 04, 2007 5:50 am
by divx
$var1 and $var2 both contain ", and they have to. Is there any way around this, if it is the problem?

Posted: Sat Aug 04, 2007 7:14 am
by Chris Corbyn
divx wrote: $var1 and $var2 both contain ", and they have to. Is there any way around this, if it is the problem?
Yes:

http://www.php.net/mysql_real_escape_string

*Always always* use that function before inserting data into MySQL.
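
Added example, not part of the thread: the query from the first post run three ways, showing why the unquoted values break it, the escape-and-quote fix, and a prepared statement. It swaps in PDO with an in-memory SQLite database (assumes the pdo_sqlite extension) so it runs without a MySQL server; the mysql_* functions used in the thread were removed in PHP 7.0, and the sample values are constructed.

```php
<?php
// Added example: table and column names come from the first post,
// everything else (PDO, SQLite, sample values) is an assumption.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE sigparsed (a TEXT, b TEXT, c TEXT, d TEXT, e TEXT)');

// Constructed sample values containing double and single quotes.
$var1 = 'He said "hello"';
$var2 = 'O\'Brien "quoted" text';

// 1) The pattern from the post: values interpolated with no surrounding
//    quotes and no escaping, so the data is parsed as SQL text.
$broken = "INSERT INTO sigparsed (a, b, c, d, e) VALUES ('2', $var1, '1', $var2, '0')";
try {
    $pdo->exec($broken);
    echo "unexpected: broken query ran\n";
} catch (PDOException $e) {
    echo "broken query rejected: ", $e->getMessage(), "\n";
}

// 2) Escape and quote. PDO::quote() escapes the value AND adds the
//    surrounding quotes. mysql_real_escape_string() only escapes, so with
//    it the query text must still wrap each value in '...'.
$escaped = sprintf(
    "INSERT INTO sigparsed (a, b, c, d, e) VALUES ('2', %s, '1', %s, '0')",
    $pdo->quote($var1),
    $pdo->quote($var2)
);
$pdo->exec($escaped);

// 3) Prepared statement: the values travel separately from the SQL text,
//    so no manual escaping is needed and none can be forgotten.
$stmt = $pdo->prepare('INSERT INTO sigparsed (a, b, c, d, e) VALUES (?, ?, ?, ?, ?)');
$stmt->execute(['2', $var1, '1', $var2, '0']);

// Both stored rows hold the original strings with their quotes intact.
foreach ($pdo->query('SELECT b, d FROM sigparsed') as $row) {
    var_dump($row['b'] === $var1 && $row['d'] === $var2);
}
```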