Ok. It seems that a $_POST value comes over with the escaped single quote as
in O\'Neal. So why does it not preserve that escape when pulling a value
from a table field, and inserting it back into another table field? When I
pull it out and insert it back in it is simply O'Neal.

-----Original Message-----
From: Torsten Roehr [mailto:[EMAIL PROTECTED] 
Sent: Monday, August 16, 2004 9:44 AM
Subject: [PHP-DB] Re: Basic MySQL Query Question

Hi Chad, please see below

"Chad Stalvey" <[EMAIL PROTECTED]> wrote in message
> I'm having some inconsistency with mysql insert queries when there is a
> single quote involved.
> Example: A new member register's with the name of Jason O'Neal. There are
> addslashes in the code, and the user is entered into the table correctly.
> Insert into members (name) values ('$_POST[name]');

You don't need the quotes here because you want to insert the value of
$_POST['name'] and not the string '$_POST[name]'. Change the line to:

Insert into members (name) values ($_POST['name']);

> Now the user submits a trouble ticket from within the site. The process is
> to select the name from the members table and insert it along with the
> ticket, into the tickets table. When this happens, I get an error on the
> insert.
> Select name from members where id = $_SESSION[uid];
> Insert into tickets (name,problem) values

You are always omitting the quotes around your array keys! Change it to:

Select name from members where id = $_SESSION['uid'];
Insert into tickets (name,problem) values ($row['name'], $_POST['problem']);

> Now I am forced to use addslashes to make it work, as well for the problem
> that they submit.
> What is the difference? It seems that if it works one place, then it
> work every where?
> Or would it matter that name is not a key in the members table but is in
> tickets, or Vice Versa?
> This is really bugging me.

Please try if those changes solve your problem. Whenever one of your values
will contain a single quote you will get an SQL error - so use addslashes()
or (better) mysql_real_escape_string() on all insert values.

Hope this helps.

Regards, Torsten Roehr

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to