Hi Chad, please see below

"Chad Stalvey" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> I'm having some inconsistency with mysql insert queries when there is a
> single quote involved.
>
> Example: A new member register's with the name of Jason O'Neal. There are
no
> addslashes in the code, and the user is entered into the table correctly.
>
> Insert into members (name) values ('$_POST[name]');

You don't need the quotes here because you want to insert the value of
$_POST['name'] and not the string '$_POST[name]'. Change the line to:

Insert into members (name) values ($_POST['name']);

>
> Now the user submits a trouble ticket from within the site. The process is
> to select the name from the members table and insert it along with the
> ticket, into the tickets table. When this happens, I get an error on the
> insert.
>
> Select name from members where id = $_SESSION[uid];
>
> Insert into tickets (name,problem) values
('$row[name]','$_POST[problem]');

You are always omitting the quotes around your array keys! Change it to:

Select name from members where id = $_SESSION['uid'];
and
Insert into tickets (name,problem) values ($row['name'], $_POST['problem']);

>
> Now I am forced to use addslashes to make it work, as well for the problem
> that they submit.
>
> What is the difference? It seems that if it works one place, then it
should
> work every where?
>
> Or would it matter that name is not a key in the members table but is in
the
> tickets, or Vice Versa?
>
> This is really bugging me.

Please try if those changes solve your problem. Whenever one of your values
will contain a single quote you will get an SQL error - so use addslashes()
or (better) mysql_real_escape_string() on all insert values.

Hope this helps.

Regards, Torsten Roehr

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to