PHP (& MySQL) Problem (Since Server Move)


Post by Dale

I've moved one of my sites from a shared server to a VPS one (Plesk) and have now encountered a problem with the forum script that I made on the site.

Originally it would allow me to post anything (quotes, double quotes, backslashes, forward slashes, etc.); however, since I moved the site over I always get the "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near" message when I post a single quote (for punctuational reasons, i.e. didn't, can't, etc.).

I've tried stripslashes, htmlentities, htmlspecialchars but none of them are helping. Here's what I got. Oh, and the message stuff comes from a $_POST variable titled "msgthread".

Code:

mysql_query("INSERT INTO msgthreads VALUES('',$_POST[forumid],$_POST[threadtitle],$_POST[threadmsg],$user_id,$curtime,0,0,$curtime,'open',$user_id)") or die("Error: " . mysql_error());

But when I type something like:

Code:

testing quotes ' test " test \ test / test ` test

I get this error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'quotes ' test " test \ test / test ` test,1,1241535527,0,0,1241535527,'open',1)' at line

Anyone know why?

Post by McInfo

Strings in a query should have quotes around them. Use mysql_real_escape_string() to escape quotes in a string before injecting it into a query.

Code:

$str1 = mysql_real_escape_string('string 1');
$query = "INSERT INTO `table` (`field1`, `field2`) VALUES ('{$str1}', 'string 2')";

Your difficulties may be related to a difference in the Magic Quotes setting on the two servers.

Edit: This post was recovered from search engine cache.
Last edited by McInfo on Tue Jun 15, 2010 3:48 pm, edited 1 time in total.
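
As an added example (not code from either poster): the same kind of insert written with PDO bound parameters instead of string interpolation, so the quotes and backslashes in the thread's test message are passed as data and no escaping call is needed. The column names, the `insertThread` helper and the in-memory SQLite database are assumptions chosen so the script runs offline; against MySQL the DSN and table definition would differ.

```php
<?php
// Added example. Schema, helper name and input are constructed; SQLite in-memory
// stands in for MySQL so the script runs without a server (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE msgthreads (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    forum_id INTEGER NOT NULL,
    title TEXT NOT NULL,
    body TEXT NOT NULL,
    author_id INTEGER NOT NULL,
    created_at INTEGER NOT NULL,
    status TEXT NOT NULL
)');

// Constructed stand-in for $_POST, using the test string from the thread.
$post = [
    'forumid'     => '1',
    'threadtitle' => "didn't work",
    'threadmsg'   => "testing quotes ' test \" test \\ test / test ` test",
];

function insertThread(PDO $pdo, array $post, int $userId): int
{
    // Numeric fields are validated rather than pasted into the SQL text.
    $forumId = filter_var($post['forumid'] ?? null, FILTER_VALIDATE_INT);
    if ($forumId === false) {
        throw new InvalidArgumentException('forumid must be an integer');
    }
    // Named columns and placeholders: user input never becomes part of the statement.
    $stmt = $pdo->prepare(
        'INSERT INTO msgthreads (forum_id, title, body, author_id, created_at, status)
         VALUES (:forum_id, :title, :body, :author_id, :created_at, :status)'
    );
    $stmt->execute([
        ':forum_id'   => $forumId,
        ':title'      => (string) ($post['threadtitle'] ?? ''),
        ':body'       => (string) ($post['threadmsg'] ?? ''),
        ':author_id'  => $userId,
        ':created_at' => time(),
        ':status'     => 'open',
    ]);
    return (int) $pdo->lastInsertId();
}

$id = insertThread($pdo, $post, 1);
$check = $pdo->prepare('SELECT body FROM msgthreads WHERE id = ?');
$check->execute([$id]);
// Compare what was stored with what was submitted.
var_dump($check->fetchColumn() === $post['threadmsg']);
```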

Post by Dale

Hey McInfo, yeah I used mysql_real_escape_string() and it worked fine. I just forgot to update this thread. Cheers anyway. :)