I have been wrestling with this off and on for the past couple days and
would really appreciate some help.

I have a "Guest Book" page that collects name, address, e-mail, etc. in a
form. I won't post the form code because it's just HTML and it works fine.
Basically, the page does one of two things:

1) Adds a new guest to the db.

OR

2) Updates the information for a guest record (passed in from another page).

I ran into problems with entering apostrophes for names like O'Reilly.
Naturally, I used addslashes(). However, adding addslashes() to the UPDATE
SQL statement that gets executed in condition 2 above works flawlessly both
to and from the db while addslashes() in the INSERT SQL statement that gets
executed in condition 2 above continues to bomb out.

Incidentally, if I attempt to add a new guest to the db without any special
characters, the process works just fine. So I know the error is related to
those special characters.

Here is the relevant SQL code:

This statement works flawlessly.

$sql = "UPDATE contactInfo SET
firstnames='".addslashes($_POST["firstnames"])."',
lastname='".addslashes($_POST["lastname"])."',
street1='".addslashes($_POST["street1"])."',
street2='".addslashes($_POST["street2"])."',
city='".addslashes($_POST["city"])."',
state='".addslashes($_POST["state"])."',
zip='".addslashes($_POST["zip"])."',
emailaddress='".addslashes($_POST["eMailAddress"])."',
screenname='".addslashes($_POST["screenName"])."' WHERE
personID='".$_POST["thisPersonID"]."'";

This statement bombs.

$sql = "INSERT INTO contactinfo (personID, firstnames, lastname, street1,
street2, city, state, zip, emailaddress, screenname) VALUES (NULL,
'".addslashes($_POST["firstnames"])."',
'".addslashes($_POST["lastname"])."', '".addslashes($_POST["street1"])."',
'".addslashes($_POST["street2"])."', '".addslashes($_POST["city"])."',
'".addslashes($_POST["state"])."', '".addslashes($_POST["zip"])."',
'".addslashes($_POST["eMailAddress"])."',
'".addslashes($_POST["screenName"])."')";

If I type in the last name O'Grady and the first name Gail, the error I
receive when the statement bombs is fairly standard and reads:

You have an error in your SQL syntax near 'Grady', '', '', '', '', '', '',
'')' at line 1.

And, finally, here's how I'm posting the form data:
<form name="eMailEdit" method="post" action="<?=$PHP_SELF?>">

Anybody have any ideas?

Thanks,
Rich



-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
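
The same INSERT and UPDATE written with PDO prepared statements, as an added example that is not part of the original post: values travel as bound parameters, so an apostrophe in O'Grady never becomes part of the SQL text and addslashes() is not needed. Table and column names are taken from the post; the in-memory SQLite database, the FIELDS map, the bindValues() and saveGuest() helpers and the sample input are assumptions standing in for the poster's MySQL database and $_POST.

```php
<?php
// Added example. SQLite in memory stands in for the poster's MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE contactinfo (
    personID INTEGER PRIMARY KEY AUTOINCREMENT,
    firstnames TEXT, lastname TEXT, street1 TEXT, street2 TEXT,
    city TEXT, state TEXT, zip TEXT, emailaddress TEXT, screenname TEXT)');

// Form field name => column name (the form posts eMailAddress / screenName).
const FIELDS = [
    'firstnames' => 'firstnames', 'lastname' => 'lastname',
    'street1' => 'street1', 'street2' => 'street2', 'city' => 'city',
    'state' => 'state', 'zip' => 'zip',
    'eMailAddress' => 'emailaddress', 'screenName' => 'screenname',
];

// Build the named-parameter array; missing fields become empty strings.
function bindValues(array $post): array {
    $out = [];
    foreach (FIELDS as $field => $col) {
        $out[":$col"] = (string)($post[$field] ?? '');
    }
    return $out;
}

// Hypothetical helper: UPDATE when thisPersonID is posted, INSERT otherwise.
function saveGuest(PDO $pdo, array $post): int {
    $cols = array_values(FIELDS);
    $id = (string)($post['thisPersonID'] ?? '');
    if ($id !== '') {
        if (!ctype_digit($id)) throw new InvalidArgumentException('bad personID');
        $set = implode(', ', array_map(fn($c) => "$c = :$c", $cols));
        $stmt = $pdo->prepare("UPDATE contactinfo SET $set WHERE personID = :id");
        $stmt->execute(bindValues($post) + [':id' => (int)$id]);
        return (int)$id;
    }
    $stmt = $pdo->prepare('INSERT INTO contactinfo (' . implode(', ', $cols)
        . ') VALUES (:' . implode(', :', $cols) . ')');
    $stmt->execute(bindValues($post));
    return (int)$pdo->lastInsertId();
}

// Constructed sample input: insert, then update the same record.
$id = saveGuest($pdo, ['firstnames' => 'Gail', 'lastname' => "O'Grady"]);
saveGuest($pdo, ['thisPersonID' => (string)$id, 'firstnames' => 'Gail',
                 'lastname' => "O'Grady", 'city' => "Coeur d'Alene"]);
$check = $pdo->prepare('SELECT lastname, city FROM contactinfo WHERE personID = ?');
$check->execute([$id]);
var_dump($check->fetch(PDO::FETCH_ASSOC));
```

The personID in the WHERE clause is bound as well, which the UPDATE in the post concatenates without any escaping.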
