I may be wrong about the addslashes thing. Just trying to help :)

I would echo all of the post data. It appears as if very little was sent.
Check your form field names etc...



--
JJ Harrison
[EMAIL PROTECTED]
www.tececo.com


"Jj Harrison" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I would say that having to slashes causes the first slash to be ignored.
>
> try only doing addslashes() once.
>
> also make a variable for your query then use something like this to do it:
>
> $result = mysql_query($query) or die("Query failed: $query<br>" .
> mysql_error());
>
> If the query fails mySQL will tell you where your error is.
>
>
> --
> JJ Harrison
> [EMAIL PROTECTED]
> www.tececo.com
>
>
> "Rich Hutchins" <[EMAIL PROTECTED]> wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > I have been wrestling with this off and on for the past couple days and
> > would really appreciate some help.
> >
> > I have a "Guest Book" page that collects name, address, e-mail, etc. in
a
> > form. I won't post the form code because it's just HTML and it works
fine.
> > Besically, the page does one of two things:
> >
> > 1) Adds a new guest to the db.
> >
> > OR
> >
> > 2) Updates the information for a guest record (passed in from another
> page).
> >
> > I ran into problems with entering apostrophes for names like O'Reilly.
> > Naturally, I used addslashes(). However, adding addslashes() to the
UPDATE
> > SQL statement that gets executed in condition 2 above works flawlessly
> both
> > to and from the db while addslashes() in the INSERT SQL statement that
> gets
> > executed in condition 2 above continues to bomb out.
> >
> > Incidentally, if I attempt to add a new guest to the db without any
> special
> > characters, the process works just fine. So I know the error is related
to
> > those special characters.
> >
> > Here is the relevant SQL code:
> >
> > This statement works flawlessly.
> >
> > $sql = "UPDATE contactInfo SET
> > firstnames='".addslashes($_POST["firstnames"])."',
> > lastname='".addslashes($_POST["lastname"])."',
> > street1='".addslashes($_POST["street1"])."',
> > street2='".addslashes($_POST["street2"])."',
> > city='".addslashes($_POST["city"])."',
> > state='".addslashes($_POST["state"])."',
> > zip='".addslashes($_POST["zip"])."',
> > emailaddress='".addslashes($_POST["eMailAddress"])."',
> > screenname='".addslashes($_POST["screenName"])."' WHERE
> > personID='".$_POST["thisPersonID"]."'";
> >
> > This statement bombs.
> >
> > $sql = "INSERT INTO contactinfo (personID, firstnames, lastname,
street1,
> > street2, city, state, zip, emailaddress, screenname) VALUES (NULL,
> > '".addslashes($_POST["firstnames"])."',
> > '".addslashes($_POST["lastname"])."',
'".addslashes($_POST["street1"])."',
> > '".addslashes($_POST["street2"])."', '".addslashes($_POST["city"])."',
> > '".addslashes($_POST["state"])."', '".addslashes($_POST["zip"])."',
> > '".addslashes($_POST["eMailAddress"])."',
> > '".addslashes($_POST["screenName"])."')";
> >
> > If I type in the last name O'Grady and the first name Gail, the error I
> > receive when the statement bombs is fairly standard and reads:
> >
> > You have an error in your SQL syntax near 'Grady', '', '', '', '', '',
'',
> > '')' at line 1.
> >
> > And, finally, here's how I'm posting the form data:
> > <form name="eMailEdit" method="post" action="<?=$PHP_SELF?>">
> >
> > Anybody have any ideas?
> >
> > Thanks,
> > Rich
> >
> >
>
>



-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to