I would say that having to slashes causes the first slash to be ignored. try only doing addslashes() once.
also make a variable for your query then use something like this to do it: $result = mysql_query($query) or die("Query failed: $query<br>" . mysql_error()); If the query fails mySQL will tell you where your error is. -- JJ Harrison [EMAIL PROTECTED] www.tececo.com "Rich Hutchins" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I have been wrestling with this off and on for the past couple days and > would really appreciate some help. > > I have a "Guest Book" page that collects name, address, e-mail, etc. in a > form. I won't post the form code because it's just HTML and it works fine. > Besically, the page does one of two things: > > 1) Adds a new guest to the db. > > OR > > 2) Updates the information for a guest record (passed in from another page). > > I ran into problems with entering apostrophes for names like O'Reilly. > Naturally, I used addslashes(). However, adding addslashes() to the UPDATE > SQL statement that gets executed in condition 2 above works flawlessly both > to and from the db while addslashes() in the INSERT SQL statement that gets > executed in condition 2 above continues to bomb out. > > Incidentally, if I attempt to add a new guest to the db without any special > characters, the process works just fine. So I know the error is related to > those special characters. > > Here is the relevant SQL code: > > This statement works flawlessly. > > $sql = "UPDATE contactInfo SET > firstnames='".addslashes($_POST["firstnames"])."', > lastname='".addslashes($_POST["lastname"])."', > street1='".addslashes($_POST["street1"])."', > street2='".addslashes($_POST["street2"])."', > city='".addslashes($_POST["city"])."', > state='".addslashes($_POST["state"])."', > zip='".addslashes($_POST["zip"])."', > emailaddress='".addslashes($_POST["eMailAddress"])."', > screenname='".addslashes($_POST["screenName"])."' WHERE > personID='".$_POST["thisPersonID"]."'"; > > This statement bombs. > > $sql = "INSERT INTO contactinfo (personID, firstnames, lastname, street1, > street2, city, state, zip, emailaddress, screenname) VALUES (NULL, > '".addslashes($_POST["firstnames"])."', > '".addslashes($_POST["lastname"])."', '".addslashes($_POST["street1"])."', > '".addslashes($_POST["street2"])."', '".addslashes($_POST["city"])."', > '".addslashes($_POST["state"])."', '".addslashes($_POST["zip"])."', > '".addslashes($_POST["eMailAddress"])."', > '".addslashes($_POST["screenName"])."')"; > > If I type in the last name O'Grady and the first name Gail, the error I > receive when the statement bombs is fairly standard and reads: > > You have an error in your SQL syntax near 'Grady', '', '', '', '', '', '', > '')' at line 1. > > And, finally, here's how I'm posting the form data: > <form name="eMailEdit" method="post" action="<?=$PHP_SELF?>"> > > Anybody have any ideas? > > Thanks, > Rich > > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php