
SQL Syntax error?

Posted: Sat Nov 29, 2008 10:41 pm
by mikelbring
Sometimes I get an error when trying to insert into MySQL from a PHP script when I have a ' and sometimes I do not. I have the exact same code on one server and do not get the error but on the other server I do. It's the same exact small framework I made on both sites. Just when I try to submit a textarea or anything with a ' on this one server it gives me the syntax error next to the '. Any ideas why? Thanks.

Edit:

One thing I noticed is the server giving me the error uses MySQL 4.x but the server without the error is using MySQL 5.x. Could this be the reason?

Re: SQL Syntax error?

Posted: Sat Nov 29, 2008 11:55 pm
by josh
You have magic quotes turned on in PHP.

Re: SQL Syntax error?

Posted: Tue Dec 02, 2008 10:48 pm
by mikelbring
I had it turned off and it was still doing this. Now on the server that it was not doing it, it is doing the error on another script on the same server that it was not doing it. But the other script still does not do it. I don't get it. It's the same type of code and framework.

Re: SQL Syntax error?

Posted: Wed Dec 03, 2008 6:07 pm
by josh
Once you have magic quotes de-activated you'll need to manually escape user input with mysql_real_escape_string.

Read up on SQL injection to better wrap your head around this concept.
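
The failure discussed in this thread, as an added example that is not part of the original posts: a value containing ' breaks a query built by string concatenation, while the same value sent as a bound parameter is stored unchanged regardless of the server's magic quotes setting. It assumes PDO with an in-memory SQLite database so it runs without a MySQL server, and it uses a prepared statement in place of mysql_real_escape_string (which needs a live MySQL connection and was removed in PHP 7); the table name, helper names and input text are constructed for illustration.

```php
<?php
// Added example: hypothetical table and helper names, constructed input.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT)');

// Undo magic quotes when the server applied them, so every server hands
// the same raw text to the database layer and nothing is escaped twice.
function raw_input($value)
{
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

// Broken pattern: the value is pasted into the SQL text, so an apostrophe
// in the value ends the string literal early and the statement fails.
function insert_concatenated(PDO $db, $body)
{
    try {
        $db->exec("INSERT INTO posts (body) VALUES ('" . $body . "')");
        return 'ok';
    } catch (PDOException $e) {
        return 'error: ' . $e->getMessage();
    }
}

// Fixed pattern: the value travels as a bound parameter and is never
// parsed as SQL, whatever characters it contains.
function insert_prepared(PDO $db, $body)
{
    $stmt = $db->prepare('INSERT INTO posts (body) VALUES (:body)');
    $stmt->execute(array(':body' => $body));
    return (int) $db->lastInsertId();
}

$body = raw_input("It's the same framework"); // constructed textarea value

echo insert_concatenated($db, $body), "\n";   // reports the syntax error
$id = insert_prepared($db, $body);
$stored = $db->query('SELECT body FROM posts WHERE id = ' . $id)->fetchColumn();
echo $stored, "\n";                           // text comes back unchanged
```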