insert into test values (0,''; DELETE FROM test; ',1);
ERROR 1064: You have an error in your SQL syntax near '' at line 1
what about
insert into test values (0,'\'; DELETE FROM test; ',1);
the character ' is used to denote the beginning and the end of a
field value. If you have this
Thanks everybody, and Sam, that makes sense WRT the multiple words causing
troubles.
On Wed, 1 Aug 2001 12:54:01 -0400, Sam Masiello wrote:
You will need to put single quotes around your variables in your SQL
statement. Like this:
$sql = UPDATE TABLE seminar SET
] [SMTP:[EMAIL PROTECTED]]
Sent: 01 August 2001 18:03
To: php
Subject: RE: [PHP] SQL syntax error in PHP script. dunno what's
wrong
no offense to you sam, but please don't ever simply place
single quotes around values. you have to escape the values
*themselves*.
what if someone submitted the form field title as:
$title = '; DELETE FROM
on 8/1/01 11:35 AM, Chris Worth at [EMAIL PROTECTED] wrote:
hey gang.
here is my sql statement from my php script.
$sql = "UPDATE TABLE seminar SET
title=$title,speaker=$speaker,event_date=$tdate,time=$time,bldg=$building,rm=$room WHERE id=$id";
strings in a mysql query need to
You will need to put single quotes around your variables in your SQL
statement. Like this:
$sql = "UPDATE TABLE seminar SET
title='$title',speaker='$speaker',event_date='$tdate',time='$time',bldg='$building',rm='$room' WHERE id='$id'";
Without the quotes, SQL doesn't know that Something
your own with relative ease:
function db_quote($value) {
    // Wrap the value in single quotes and double every embedded single quote.
    return "'" . preg_replace("/'/", "''", $value) . "'";
}
-Original Message-
From: Matt Greer [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 01, 2001 12:45 PM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] SQL syntax error in PHP script. dunno