SQL Syntax error?

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
mikelbring
Forum Commoner
Posts: 38
Joined: Sat Jan 05, 2008 5:28 pm

SQL Syntax error?

Post by mikelbring »

Sometimes I get a error when trying to insert MySQL from a PHP script when I have a ' and sometimes I do not. I have the exact same code on one server and do not get the error but on the other server I do. It's the same exact small framework I made on both sites. Just when I try to submit a textarea or anything with a ' on this one server it gives me the syntax error next to the '. Any ideas why? Thanks.

Edit:

One thing I noticed is the server giving me the error uses MySQL 4.x but the server without the ever is using MySQL 5.x. Could this be the reason?
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Re: SQL Syntax error?

Post by josh »

You have magic quotes turned on in PHP.
mikelbring
Forum Commoner
Posts: 38
Joined: Sat Jan 05, 2008 5:28 pm

Re: SQL Syntax error?

Post by mikelbring »

I had it turned off and it was still doing this. Now on the server that it was not doing it, it is doing the error on another script on the same server that it was not doing it. But the other script still does not do it. I don't get it. Its the same type of code and framework.
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Re: SQL Syntax error?

Post by josh »

Once you have magic quotes de-activated you'll need to manually escape user input with mysql_real_escape_string.

Read up on SQL injection to better wrap your head around this concept
Post Reply