I would say that having to slashes causes the first slash to be ignored.

try only doing addslashes() once.

also make a variable for your query then use something like this to do it:

$result = mysql_query($query) or die("Query failed: $query<br>" .

If the query fails mySQL will tell you where your error is.

JJ Harrison

"Rich Hutchins" <[EMAIL PROTECTED]> wrote in message
> I have been wrestling with this off and on for the past couple days and
> would really appreciate some help.
> I have a "Guest Book" page that collects name, address, e-mail, etc. in a
> form. I won't post the form code because it's just HTML and it works fine.
> Besically, the page does one of two things:
> 1) Adds a new guest to the db.
> OR
> 2) Updates the information for a guest record (passed in from another
> I ran into problems with entering apostrophes for names like O'Reilly.
> Naturally, I used addslashes(). However, adding addslashes() to the UPDATE
> SQL statement that gets executed in condition 2 above works flawlessly
> to and from the db while addslashes() in the INSERT SQL statement that
> executed in condition 2 above continues to bomb out.
> Incidentally, if I attempt to add a new guest to the db without any
> characters, the process works just fine. So I know the error is related to
> those special characters.
> Here is the relevant SQL code:
> This statement works flawlessly.
> $sql = "UPDATE contactInfo SET
> firstnames='".addslashes($_POST["firstnames"])."',
> lastname='".addslashes($_POST["lastname"])."',
> street1='".addslashes($_POST["street1"])."',
> street2='".addslashes($_POST["street2"])."',
> city='".addslashes($_POST["city"])."',
> state='".addslashes($_POST["state"])."',
> zip='".addslashes($_POST["zip"])."',
> emailaddress='".addslashes($_POST["eMailAddress"])."',
> screenname='".addslashes($_POST["screenName"])."' WHERE
> personID='".$_POST["thisPersonID"]."'";
> This statement bombs.
> $sql = "INSERT INTO contactinfo (personID, firstnames, lastname, street1,
> street2, city, state, zip, emailaddress, screenname) VALUES (NULL,
> '".addslashes($_POST["firstnames"])."',
> '".addslashes($_POST["lastname"])."', '".addslashes($_POST["street1"])."',
> '".addslashes($_POST["street2"])."', '".addslashes($_POST["city"])."',
> '".addslashes($_POST["state"])."', '".addslashes($_POST["zip"])."',
> '".addslashes($_POST["eMailAddress"])."',
> '".addslashes($_POST["screenName"])."')";
> If I type in the last name O'Grady and the first name Gail, the error I
> receive when the statement bombs is fairly standard and reads:
> You have an error in your SQL syntax near 'Grady', '', '', '', '', '', '',
> '')' at line 1.
> And, finally, here's how I'm posting the form data:
> <form name="eMailEdit" method="post" action="<?=$PHP_SELF?>">
> Anybody have any ideas?
> Thanks,
> Rich

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to