Sometimes I get a error when trying to insert MySQL from a PHP script when I have a ' and sometimes I do not. I have the exact same code on one server and do not get the error but on the other server I do. It's the same exact small framework I made on both sites. Just when I try to submit a textarea or anything with a ' on this one server it gives me the syntax error next to the '. Any ideas why? Thanks.
Edit:
One thing I noticed is the server giving me the error uses MySQL 4.x but the server without the ever is using MySQL 5.x. Could this be the reason?
SQL Syntax error?
Moderator: General Moderators
Re: SQL Syntax error?
You have magic quotes turned on in PHP.
-
mikelbring
- Forum Commoner
- Posts: 38
- Joined: Sat Jan 05, 2008 5:28 pm
Re: SQL Syntax error?
I had it turned off and it was still doing this. Now on the server that it was not doing it, it is doing the error on another script on the same server that it was not doing it. But the other script still does not do it. I don't get it. Its the same type of code and framework.
Re: SQL Syntax error?
Once you have magic quotes de-activated you'll need to manually escape user input with mysql_real_escape_string.
Read up on SQL injection to better wrap your head around this concept
Read up on SQL injection to better wrap your head around this concept