I would say that having to slashes causes the first slash to be ignored.
try only doing addslashes() once.
also make a variable for your query then use something like this to do it:
$result = mysql_query($query) or die("Query failed: $query<br>" .
mysql_error());
If the query fails mySQL will tell you where your error is.
--
JJ Harrison
[EMAIL PROTECTED]
www.tececo.com
"Rich Hutchins" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I have been wrestling with this off and on for the past couple days and
> would really appreciate some help.
>
> I have a "Guest Book" page that collects name, address, e-mail, etc. in a
> form. I won't post the form code because it's just HTML and it works fine.
> Besically, the page does one of two things:
>
> 1) Adds a new guest to the db.
>
> OR
>
> 2) Updates the information for a guest record (passed in from another
page).
>
> I ran into problems with entering apostrophes for names like O'Reilly.
> Naturally, I used addslashes(). However, adding addslashes() to the UPDATE
> SQL statement that gets executed in condition 2 above works flawlessly
both
> to and from the db while addslashes() in the INSERT SQL statement that
gets
> executed in condition 2 above continues to bomb out.
>
> Incidentally, if I attempt to add a new guest to the db without any
special
> characters, the process works just fine. So I know the error is related to
> those special characters.
>
> Here is the relevant SQL code:
>
> This statement works flawlessly.
>
> $sql = "UPDATE contactInfo SET
> firstnames='".addslashes($_POST["firstnames"])."',
> lastname='".addslashes($_POST["lastname"])."',
> street1='".addslashes($_POST["street1"])."',
> street2='".addslashes($_POST["street2"])."',
> city='".addslashes($_POST["city"])."',
> state='".addslashes($_POST["state"])."',
> zip='".addslashes($_POST["zip"])."',
> emailaddress='".addslashes($_POST["eMailAddress"])."',
> screenname='".addslashes($_POST["screenName"])."' WHERE
> personID='".$_POST["thisPersonID"]."'";
>
> This statement bombs.
>
> $sql = "INSERT INTO contactinfo (personID, firstnames, lastname, street1,
> street2, city, state, zip, emailaddress, screenname) VALUES (NULL,
> '".addslashes($_POST["firstnames"])."',
> '".addslashes($_POST["lastname"])."', '".addslashes($_POST["street1"])."',
> '".addslashes($_POST["street2"])."', '".addslashes($_POST["city"])."',
> '".addslashes($_POST["state"])."', '".addslashes($_POST["zip"])."',
> '".addslashes($_POST["eMailAddress"])."',
> '".addslashes($_POST["screenName"])."')";
>
> If I type in the last name O'Grady and the first name Gail, the error I
> receive when the statement bombs is fairly standard and reads:
>
> You have an error in your SQL syntax near 'Grady', '', '', '', '', '', '',
> '')' at line 1.
>
> And, finally, here's how I'm posting the form data:
> <form name="eMailEdit" method="post" action="<?=$PHP_SELF?>">
>
> Anybody have any ideas?
>
> Thanks,
> Rich
>
>
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
