Just a quick post to say that I resolved this issue. Thanks, JJ, for taking the time to reply. Turns out it WAS just something stupid like I thought. A bad HREF pointing to an old version of the page without the addslashes() stuff implemented.
Rich -----Original Message----- From: JJ Harrison [mailto:[EMAIL PROTECTED]] Sent: Friday, August 02, 2002 8:01 PM To: [EMAIL PROTECTED] Subject: [PHP-DB] Re: Addslashes in SQL Statement I may be wrong about the addslashes thing. Just trying to help :) I would echo all of the post data. It appears as if very little was sent. Check your form field names etc... -- JJ Harrison [EMAIL PROTECTED] www.tececo.com "Jj Harrison" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I would say that having to slashes causes the first slash to be ignored. > > try only doing addslashes() once. > > also make a variable for your query then use something like this to do it: > > $result = mysql_query($query) or die("Query failed: $query<br>" . > mysql_error()); > > If the query fails mySQL will tell you where your error is. > > > -- > JJ Harrison > [EMAIL PROTECTED] > www.tececo.com > > > "Rich Hutchins" <[EMAIL PROTECTED]> wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > I have been wrestling with this off and on for the past couple days and > > would really appreciate some help. > > > > I have a "Guest Book" page that collects name, address, e-mail, etc. in a > > form. I won't post the form code because it's just HTML and it works fine. > > Besically, the page does one of two things: > > > > 1) Adds a new guest to the db. > > > > OR > > > > 2) Updates the information for a guest record (passed in from another > page). > > > > I ran into problems with entering apostrophes for names like O'Reilly. > > Naturally, I used addslashes(). However, adding addslashes() to the UPDATE > > SQL statement that gets executed in condition 2 above works flawlessly > both > > to and from the db while addslashes() in the INSERT SQL statement that > gets > > executed in condition 2 above continues to bomb out. > > > > Incidentally, if I attempt to add a new guest to the db without any > special > > characters, the process works just fine. So I know the error is related to > > those special characters. > > > > Here is the relevant SQL code: > > > > This statement works flawlessly. > > > > $sql = "UPDATE contactInfo SET > > firstnames='".addslashes($_POST["firstnames"])."', > > lastname='".addslashes($_POST["lastname"])."', > > street1='".addslashes($_POST["street1"])."', > > street2='".addslashes($_POST["street2"])."', > > city='".addslashes($_POST["city"])."', > > state='".addslashes($_POST["state"])."', > > zip='".addslashes($_POST["zip"])."', > > emailaddress='".addslashes($_POST["eMailAddress"])."', > > screenname='".addslashes($_POST["screenName"])."' WHERE > > personID='".$_POST["thisPersonID"]."'"; > > > > This statement bombs. > > > > $sql = "INSERT INTO contactinfo (personID, firstnames, lastname, street1, > > street2, city, state, zip, emailaddress, screenname) VALUES (NULL, > > '".addslashes($_POST["firstnames"])."', > > '".addslashes($_POST["lastname"])."', '".addslashes($_POST["street1"])."', > > '".addslashes($_POST["street2"])."', '".addslashes($_POST["city"])."', > > '".addslashes($_POST["state"])."', '".addslashes($_POST["zip"])."', > > '".addslashes($_POST["eMailAddress"])."', > > '".addslashes($_POST["screenName"])."')"; > > > > If I type in the last name O'Grady and the first name Gail, the error I > > receive when the statement bombs is fairly standard and reads: > > > > You have an error in your SQL syntax near 'Grady', '', '', '', '', '', '', > > '')' at line 1. > > > > And, finally, here's how I'm posting the form data: > > <form name="eMailEdit" method="post" action="<?=$PHP_SELF?>"> > > > > Anybody have any ideas? > > > > Thanks, > > Rich > > > > > > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
