I have been wrestling with this off and on for the past couple days and
would really appreciate some help.

I have a "Guest Book" page that collects name, address, e-mail, etc. in a
form. I won't post the form code because it's just HTML and it works fine.
Besically, the page does one of two things:

1) Adds a new guest to the db.


2) Updates the information for a guest record (passed in from another page).

I ran into problems with entering apostrophes for names like O'Reilly.
Naturally, I used addslashes(). However, adding addslashes() to the UPDATE
SQL statement that gets executed in condition 2 above works flawlessly both
to and from the db while addslashes() in the INSERT SQL statement that gets
executed in condition 2 above continues to bomb out.

Incidentally, if I attempt to add a new guest to the db without any special
characters, the process works just fine. So I know the error is related to
those special characters.

Here is the relevant SQL code:

This statement works flawlessly.

$sql = "UPDATE contactInfo SET
screenname='".addslashes($_POST["screenName"])."' WHERE

This statement bombs.

$sql = "INSERT INTO contactinfo (personID, firstnames, lastname, street1,
street2, city, state, zip, emailaddress, screenname) VALUES (NULL,
'".addslashes($_POST["lastname"])."', '".addslashes($_POST["street1"])."',
'".addslashes($_POST["street2"])."', '".addslashes($_POST["city"])."',
'".addslashes($_POST["state"])."', '".addslashes($_POST["zip"])."',

If I type in the last name O'Grady and the first name Gail, the error I
receive when the statement bombs is fairly standard and reads:

You have an error in your SQL syntax near 'Grady', '', '', '', '', '', '',
'')' at line 1.

And, finally, here's how I'm posting the form data:
<form name="eMailEdit" method="post" action="<?=$PHP_SELF?>">

Anybody have any ideas?


PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to