Strange SQL Syntax error -- Possibly related to ' and "
Posted: Tue Jan 13, 2009 8:01 pm
Hello.
I am building a management system for an online role playing game. Currently I am working on the new character application form. I haven't added bells and whistles yet, I'm just trying to get the darned thing to work.
I suspect it is related to ' and " being in some of the form's values. I tried escaping the characters, and switching the ' and " characters for their HTML equivalents, but I still get the error.
Of course, these fields are user entered which means it is likely to happen in the textareas that users will use ' and " so I guess it's good to find out how to fix this problem now, so I can make it happen for the other fields.
I am getting the error below:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'test', 'Outcast', 'Creole French', '0 %', '3\'', '10 lbs', 'test', ' at line 3
From the code below:
<?php
include ('dbc.php');
if ($_POST['submit'] == 'Submit')
{
$m = $_POST[bday_month];
$d = $_POST[bday_day];
$y = $_POST[bday_year];
$bdayString = $y . "-" . $m . "-" . $d;
$char_bday = date('Y-m-d', strtotime($bdayString));
mysql_query
("INSERT INTO characters
(char_nick, char_player, char_fname, char_lname, char_sex, char_bday, char_maritalstatus,
char_species, char_class, char_nationality, char_construct, char_height, char_weight,
char_desc, char_attire, char_shorthistory, char_currentjob, char_personality1,
char_personality2, char_personality3, char_aka, char_longpersonality, char_longhistory,
char_longjob, char_longschool, char_longmedical, char_usernotes)
VALUES
('$_POST[nick]', '$player_name', '$_POST[first_name]', '$_POST[last_name]', '$_POST[gender]',
'$char_bday', '$_POST[marital_status], '$_POST[species]', '$_POST[social_class]', '$_POST[nationality]',
'$_POST[construct]', '$_POST[height]', '$_POST[weight]', '$_POST[short_desc]', '$_POST[attire]',
'$_POST[history]', '$_POST[current_job]', '$_POST[personality1]', '$_POST[personality2]',
'$_POST[personality3]', '$_POST[aka]', '$_POST[long_personality]', '$_POST[long_history]',
'$_POST[work_history]', '$_POST[school_history]', '$_POST[medical_history]', '$_POST[pnotes]'
)") or die(mysql_error());
echo "Thank you, we have received your character form.
Our staff will review your character as soon as possible.<p>
Please keep a copy of your character sheet below for your files.<p><p>";
echo "Character Nick: " . $_POST['nick'] . "<br>";
echo "First Name: " . $_POST['first_name'] . "<br>";
echo "Last Name: " . $_POST['last_name'] . "<br>";
echo "Gender: " . $_POST['gender'] . "<br>";
echo "Birthday: " . $char_bday . "<br>";
echo "Marital Status: " . $_POST['marital_status'] . "<br>";
echo "Species: " . $_POST['species'] . "<br>";
echo "Social Class: " . $_POST['social_class'] . "<br>";
echo "Nationality: " . $_POST['nationality'] . "<br>";
echo "Construct: " . $_POST['construct'] . "<br>";
echo "Height: " . $_POST['height'] . "<br>";
echo "Weight: " . $_POST['weight'] . "<br>";
echo "Description: " . $_POST['short_desc'] . "<br>";
echo "Usual Attire: " . $_POST['attire'] . "<br>";
echo "Short History: " . $_POST['history'] . "<br>";
echo "Current Employment: " . $_POST['current_job'] . "<br>";
echo "Personality: " . $_POST['personality1'] . ", " . $_POST['personality2'] . ", and " . $_POST['personality3'] . "<br>";
echo "Also Known As: " . $_POST['aka'] . "<br>";
echo "Detailed Personality: " . $_POST['long_personality'] . "<br>";
echo "Detailed History: " . $_POST['long_history'] . "<br>";
echo "Employment History: " . $_POST['work_history'] . "<br>";
echo "Education History: " . $_POST['school_history'] . "<br>";
echo "Medical History: " . $_POST['medical_history'] . "<p>";
echo "Notes: " . $_POST['pnotes'] . "<p>";
//include ('includes/newchar_email.inc');
exit;
}
?>
updated at 8:19pm <br>
<form name="form1" method="post" action="newcharacter.php">
<table width="100%" border="0">
<tr>
<td width="11%" valign="top">Nickname:</td>
<td width="22%" valign="top"><input type="text" name="nick"></td>
<td width="67%" valign="top"><p></p></td>
</tr>
<tr>
<td valign="top"> </td>
<td valign="top"> </td>
<td valign="top"> </td>
</tr>
<tr>
<td valign="top">First name:</td>
<td valign="top"><input type="text" name="first_name"></td>
<td valign="top"><p></p></td>
</tr>
<tr>
<td valign="top"> </td>
<td valign="top"> </td>
<td valign="top"> </td>
</tr>
<tr>
<td valign="top">Last name:</td>
<td valign="top"><input type="text" name="last_name"></td>
<td valign="top"><p></p></td>
</tr>
<tr>
<td valign="top"> </td>
<td valign="top"> </td>
<td valign="top"> </td>
</tr>
<tr>
<td valign="top"> Image:</td>
<td valign="top"><input type="file" name="char_portrait"></td>
<td valign="top"><p></p></td>
</tr>
<tr>
<td valign="top"> </td>
<td valign="top"> </td>
<td valign="top"> </td>
</tr>
<tr>
<td valign="top">Gender:</td>
<td valign="top"><select name="gender">
<option value="Female">Female</option>
<option value="Male">Male</option>
</select></td>
<td valign="top"><p></p></td>
</tr>
<tr>
<td valign="top"> </td>
<td valign="top"> </td>
<td valign="top"> </td>
</tr>
<tr>
<td valign="top">Height: </td>
<td valign="top"><select name="height" id="height">
<option value="3'">3'</option>
<option value="3'5&quot;">3'5"</option>
<option value="4'">4'</option>
<option value="4'5&quot;">4'5"</option>
<option value="5'">5'</option>
<option value="5'5&quot;">5'5"</option>
<option value="6'">6'</option>
<option value="6'5&quot;">6'5"</option>
<option value="7'">7'</option>
</select></td>
<td valign="top"> </td>
</tr>
<tr>
<td valign="top"> </td>
<td valign="top"> </td>
<td valign="top"> </td>
</tr>
<tr>
<td valign="top">Weight:</td>
<td valign="top"><select name="weight" id="weight">
<option value="10 lbs">10 lbs</option>
<option value="20 lbs">20 lbs</option>
<option value="30 lbs">30 lbs</option>
<option value="40 lbs">40 lbs</option>
<option value="50 lbs">50 lbs</option>
<option value="60 lbs">60 lbs</option>
<option value="70 lbs">70 lbs</option>
<option value="80 lbs">80 lbs</option>
<option value="90 lbs">90 lbs</option>
<option value="100 lbs">100 lbs</option>
<option value="125 lbs">125 lbs</option>
<option value="150 lbs">150 lbs</option>
<option value="175 lbs">175 lbs</option>
<option value="200 lbs">200 lbs</option>
<option value="225 lbs">225 lbs</option>
<option value="250 lbs">250 lbs</option>
<option value="275 lbs">275 lbs</option>
<option value="300 lbs">300 lbs</option>
<option value="325 lbs">325 lbs</option>
<option value="350 lbs">350 lbs</option>
<option value="375 lbs">375 lbs</option>
<option value="400 lbs">400 lbs</option>
<option value="425 lbs">425 lbs</option>
<option value="450 lbs">450 lbs</option>
<option value="475 lbs">475 lbs</option>
<option value="500 lbs">500 lbs</option>
</select></td>
<td valign="top"> </td>
</tr>
<tr>
<td valign="top"> </td>
<td valign="top"> </td>
<td valign="top"> </td>
</tr>
<tr>
<td valign="top">Birthdate:</td>
<td valign="top"><select name="bday_month">
<option value="01" selected>January</option>
<option value="02">February</option>
<option value="03">March</option>
<option value="04">April</option>
<option value="05">May</option>
<option value="06">June</option>
<option value="07">July</option>
<option value="08">August</option>
<option value="09">September</option>
<option value="10">October</option>
<option value="11">November</option>
<option value="12">December</option>
</select>
<select name="bday_day">
<option value="01">1</option>
<option value="02">2</option>
<option value="03">3</option>
<option value="04">4</option>
<option value="05">5</option>
<option value="06">6</option>
<option value="07">7</option>
<option value="08">8</option>
<option value="09">9</option>
<option value="10">10</option>
<option value="11">11</option>
<option value="12">12</option>
<option value="13">13</option>
<option value="14">14</option>
<option value="15">15</option>
<option value="16">16</option>
<option value="17">17</option>
<option value="18">18</option>
<option value="19">19</option>
<option value="20">20</option>
<option value="21">21</option>
<option value="22">22</option>
<option value="23">23</option>
<option value="24">24</option>
<option value="25">25</option>
<option value="26">26</option>
<option value="27">27</option>
<option value="28">28</option>
<option value="29">29</option>
<option value="30">30</option>
<option value="31">31</option>
</select>
,
<input name="bday_year" type="text" size="4" maxlength="4"></td>
<td valign="top"><p></p></td>
</tr>
<tr>
<td valign="top"> </td>
<td valign="top"> </td>
<td valign="top"> </td>
</tr>
<tr>
<td valign="top">Marital status:</td>
<td valign="top"><select name="marital_status">
<option value="In a relationship">In a relationship</option>
<option value="Widowed">Widowed</option>
<option value="Married">Married</option>
<option value="Single" selected>Single</option>
</select></td>
<td valign="top"><p></p></td>
</tr>
<tr>
<td valign="top"> </td>
<td valign="top"> </td>
<td valign="top"> </td>
</tr>
<tr>
<td valign="top">Species:</td>
<td valign="top"><input type="text" name="species"></td>
<td valign="top"><p></p></td>
</tr>
<tr>
<td valign="top"> </td>
<td valign="top"> </td>
<td valign="top"> </td>
</tr>
<tr>
<td valign="top">Social class:</td>
<td valign="top"><select name="social_class">
<option value="Outcast">Outcast</option>
<option value="Indentured servant">Indentured servant</option>
<option value="Free servant">Free servant</option>
<option value="Military">Military</option>
<option value="Citizen">Citizen</option>
<option value="Gentry">Gentry</option>
</select></td>
<td valign="top"><p></p></td>
</tr>
<tr>
<td valign="top"> </td>
<td valign="top"> </td>
<td valign="top"> </td>
</tr>
<tr>
<td valign="top">Nationality:</td>
<td valign="top"><select name="nationality">
<option value="Creole French" selected>Creole French</option>
<option value="American">American</option>
<option value="Cajun">Cajun</option>
<option value="Native">Native</option>
<option value="Other">Other(specify in desc.)</option>
</select></td>
<td valign="top"><p></p></td>
</tr>
<tr>
<td valign="top"> </td>
<td valign="top"> </td>
<td valign="top"> </td>
</tr>
<tr>
<td valign="top">Construct:</td>
<td valign="top"><select name="construct">
<option value="0 %">0 %</option>
<option value="20 %">20 %</option>
<option value="40 %">40 %</option>
<option value="60 %">60 %</option>
<option value="80 %">80 %</option>
<option value="100 %">100 %</option>
</select></td>
<td valign="top"><p></p></td>
</tr>
<tr>
<td colspan="2" valign="top"> </td>
<td valign="top"> </td>
</tr>
<tr>
<td colspan="2" valign="top">Short description:</td>
<td valign="top"></td>
</tr>
<tr>
<td colspan="3" valign="top"><p>
<textarea rows="10" cols="50" name="short_desc"></textarea>
</p></td>
</tr>
<tr>
<td colspan="2" valign="top"> </td>
<td valign="top"> </td>
</tr>
<tr>
<td colspan="2" valign="top">Usual attire:</td>
<td valign="top"></td>
</tr>
<tr>
<td colspan="3" valign="top"><p>
<textarea rows="10" cols="50" name="attire"></textarea>
</p></td>
</tr>
<tr>
<td colspan="2" valign="top"> </td>
<td valign="top"> </td>
</tr>
<tr>
<td colspan="2" valign="top">Short history:</td>
<td valign="top"></td>
</tr>
<tr>
<td colspan="3" valign="top"><p>
<textarea rows="10" cols="50" name="history"></textarea>
</p></td>
</tr>
<tr>
<td colspan="2" valign="top"> </td>
<td valign="top"> </td>
</tr>
<tr>
<td colspan="2" valign="top">Current job:</td>
<td valign="top"></td>
</tr>
<tr>
<td colspan="3" valign="top"><p>
<textarea rows="10" cols="50" name="current_job"></textarea>
<br>
</p></td>
</tr>
<tr>
<td valign="top"> </td>
<td colspan="2" valign="top"> </td>
</tr>
<tr>
<td valign="top">Personality: </td>
<td colspan="2" valign="top"><p>
<input type="text" name="personality1">
,
<input type="text" name="personality2">
, and
<input type="text" name="personality3">
<br>
</p></td>
</tr>
<tr>
<td valign="top"> </td>
<td colspan="2" valign="top"> </td>
</tr>
<tr>
<td colspan="3" valign="top"><hr width="100%" size="2" noshade></td>
</tr>
<tr>
<td colspan="3" align="center" valign="top"> </td>
</tr>
<tr>
<td colspan="3" align="center" valign="top"><p>The fields below are just as important, and required as those above however they will not be visible on the character profile pages. </p>
<p>Their purpose is to develop your characters history, and personality. These fields will also permit our staff to help you build your character further within the Bon Temps setting. Staff who specialize in character creation will be reviewing your character and e-mailing you personally to work with you to create a solid character.</p></td>
</tr>
<tr>
<td colspan="2" valign="top"> </td>
<td valign="top"> </td>
</tr>
<tr>
<td colspan="2" valign="top">Also known as:</td>
<td valign="top"></td>
</tr>
<tr>
<td colspan="3" valign="top"><p>
<textarea rows="10" cols="50" name="aka"></textarea>
<br>
</p></td>
</tr>
<tr>
<td colspan="2" valign="top"> </td>
<td valign="top"> </td>
</tr>
<tr>
<td colspan="2" valign="top">Detailed personality:</td>
<td valign="top"></td>
</tr>
<tr>
<td colspan="3" valign="top"><textarea rows="20" cols="50" name="long_personality"></textarea></td>
</tr>
<tr>
<td colspan="2" valign="top"> </td>
<td valign="top"> </td>
</tr>
<tr>
<td colspan="2" valign="top">The characters life story:</td>
<td valign="top"></td>
</tr>
<tr>
<td colspan="3" valign="top"><textarea rows="20" cols="50" name="long_history"></textarea></td>
</tr>
<tr>
<td colspan="2" valign="top"> </td>
<td valign="top"> </td>
</tr>
<tr>
<td colspan="2" valign="top">Employment history:</td>
<td valign="top"></td>
</tr>
<tr>
<td colspan="3" valign="top"><textarea rows="20" cols="50" name="work_history"></textarea></td>
</tr>
<tr>
<td colspan="2" valign="top"> </td>
<td valign="top"> </td>
</tr>
<tr>
<td colspan="2" valign="top">Education history:</td>
<td valign="top"></td>
</tr>
<tr>
<td colspan="3" valign="top"><textarea rows="20" cols="50" name="school_history"></textarea></td>
</tr>
<tr>
<td colspan="2" valign="top"> </td>
<td valign="top"> </td>
</tr>
<tr>
<td colspan="2" valign="top">Medical history:</td>
<td valign="top"></td>
</tr>
<tr>
<td colspan="3" valign="top"><textarea rows="20" cols="50" name="medical_history"></textarea></td>
</tr>
<tr>
<td colspan="2" valign="top"> </td>
<td valign="top"> </td>
</tr>
<tr>
<td colspan="2" valign="top">Notes:</td>
<td valign="top"></td>
</tr>
<tr>
<td colspan="3" valign="top"><textarea rows="20" cols="50" name="pnotes"></textarea></td>
</tr>
<tr>
<td valign="top"> </td>
<td valign="top"> </td>
<td valign="top"> </td>
</tr>
<tr>
<td colspan="3" valign="top"><input type="hidden" name="status" value="new character" />
<input type="submit" name="submit" value="Submit">
<input type="reset" name="Reset" id="button" value="Reset"></td>
</tr>
</table>
</form>
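The quoted error text begins at `test', 'Outcast'`, directly after the marital-status value, and the posted query has `'$_POST[marital_status],` with no closing quote, so the string runs on into the next value; separately, every `$_POST` value is interpolated into the SQL text, which is why quotes in user input can break or alter the statement. The following is an added example, not code from the original post: it binds the values through a PDO prepared statement and encodes them only when echoing back, using four of the posted columns, a constructed sample submission, and an in-memory SQLite database as assumptions so it runs offline.

```php
<?php
// Added example, not the poster's code. In-memory SQLite through PDO so it runs
// offline (assumption); against MySQL only the DSN and credentials change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE characters (char_nick TEXT, char_maritalstatus TEXT,
            char_height TEXT, char_usernotes TEXT)');

// Form field => column; names taken from the posted form and query (subset).
$fields = [
    'nick'           => 'char_nick',
    'marital_status' => 'char_maritalstatus',
    'height'         => 'char_height',
    'pnotes'         => 'char_usernotes',
];

// Constructed sample submission containing both quote characters.
$post = [
    'nick'           => "O'Brien",
    'marital_status' => 'Single',
    'height'         => "3'5\"",
    'pnotes'         => "She said \"don't\"; it's fine.",
];

function insertCharacter(PDO $pdo, array $fields, array $post): void
{
    // Column names come from the fixed map above, never from the request.
    $columns      = implode(', ', $fields);
    $placeholders = implode(', ', array_map(fn($f) => ':' . $f, array_keys($fields)));
    $stmt = $pdo->prepare("INSERT INTO characters ($columns) VALUES ($placeholders)");
    foreach ($fields as $field => $column) {
        // Values travel as bound data; quotes in them cannot change the statement.
        $stmt->bindValue(':' . $field, (string)($post[$field] ?? ''), PDO::PARAM_STR);
    }
    $stmt->execute();
}

insertCharacter($pdo, $fields, $post);
$row = $pdo->query('SELECT * FROM characters')->fetch(PDO::FETCH_ASSOC);

foreach ($fields as $field => $column) {
    // The stored value is exactly what was submitted, with no escaping artefacts.
    if ($row[$column] !== $post[$field]) {
        throw new RuntimeException("Round-trip mismatch for $column");
    }
    // Encode for HTML at output time, not before storage.
    echo $column, ': ', htmlspecialchars($row[$column], ENT_QUOTES, 'UTF-8'), "<br>\n";
}
```

The same `htmlspecialchars(..., ENT_QUOTES, ...)` call applies when writing values such as `3'5"` into an `<option value="...">` attribute.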