Re: [PHP] SQL syntax error in PHP script. dunno what's wrong

2001-08-03 Thread Werner Stuerenburg
insert into test values (0,''; DELETE FROM test; ',1); ERROR 1064: You have an error in your SQL syntax near '' at line 1 what about insert into test values (0,'\'; DELETE FROM test; ',1); the character ' is used to denote the beginning and the end of a field value. If you have this

RE: [PHP] SQL syntax error in PHP script. dunno what's wrong

2001-08-03 Thread Chris Worth
Thanks everybody, and Sam, that makes sense WRT the multiple words causing troubles. On Wed, 1 Aug 2001 12:54:01 -0400, Sam Masiello wrote: You will need to put single quotes around your variables in your SQL statement. Like this: $sql = UPDATE TABLE seminar SET

RE: [PHP] SQL syntax error in PHP script. dunno what's wrong

2001-08-02 Thread Tim Ward
] [SMTP:[EMAIL PROTECTED]] Sent: 01 August 2001 18:03 To: php Subject: RE: [PHP] SQL syntax error in PHP script. dunno what's wrong no offense to you sam, but please dont ever simply place single quotes around values. you have to escape the values

Re: [PHP] SQL syntax error in PHP script. dunno what's wrong

2001-08-02 Thread mike cullerton
To: php Subject: RE: [PHP] SQL syntax error in PHP script. dunno what's wrong no offense to you sam, but please dont ever simply place single quotes around values. you have to escape the values *themselves*. what if someone submitted the form field title as: $title = '; DELETE FROM

Re: [PHP] SQL syntax error in PHP script. dunno what's wrong

2001-08-01 Thread Matt Greer
on 8/1/01 11:35 AM, Chris Worth at [EMAIL PROTECTED] wrote: hey gang. here is my sql statement from my php script. $sql = UPDATE TABLE seminar SET title=$title,speaker=$speaker,event_date=$tdate,time=$time,bldg=$building ,rm=$room WHERE id=$id; strings in a mysql query need to

RE: [PHP] SQL syntax error in PHP script. dunno what's wrong

2001-08-01 Thread Sam Masiello
You will need to put single quotes around your variables in your SQL statement. Like this: $sql = UPDATE TABLE seminar SET title='$title',speaker='$speaker',event_date='$tdate',time='$time',bldg='$bu ilding' ,rm='$room' WHERE id='$id'; Without the quotes, SQL doesn't know that Something

RE: [PHP] SQL syntax error in PHP script. dunno what's wrong

2001-08-01 Thread scott [gts]
your own with relative ease: function db_quote($value) { return '. preg_replace(/'/, '', $value) .' } -Original Message- From: Matt Greer [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 01, 2001 12:45 PM To: [EMAIL PROTECTED] Subject: Re: [PHP] SQL syntax error in PHP script. dunno

RE: [PHP] SQL syntax error in PHP script. dunno what's wrong

2001-08-01 Thread scott [gts]
]] Subject: RE: [PHP] SQL syntax error in PHP script. dunno what's wrong You will need to put single quotes around your variables in your SQL statement. Like this: $sql = UPDATE TABLE seminar SET title='$title',speaker='$speaker',event_date='$tdate',time='$time',bldg='$bu ilding' ,rm