On Tue, May 16, 2006 11:38 pm, John Meyer wrote: > $sql = "INSERT INTO > BOOKS(CopyrightYear,CoverType,DatePurchased,EditionNumber,ISBNNumber,Notes,Pages,Publisher,LOCNumber) > VALUES(\"" . $_POST["copyrightyear"] . "\",\"" . $_POST["covertype"] . > "\",\"" . $_POST["datepurchased"] . "\"," . $_POST["editionnumber"] . > ",\"" . $_POST["isbn"] . "\",\"" . addslashes($_POST["notes"]) . "\"," > . > (isset($_POST["numberofpages"])?$_POST["numberofpages"]:0) . ",\"" . > $_POST["publisher"] . "\",\"" . $_POST["locnumber"] . "\")"; > > > Okay, when $_POST["notes"] contains quotes, it seems to break the > series, ie returns an error at that point of the SQL statement, even > with addslashes(), am I doing something wrong there? addslashes should be changed to http://php.net/mysql_real_escape_string but that won't solve your problem. Could you PLEASE tell us exactly what is in $_POST["notes"] other than something with a quote? Could you PLEASE use mysql_error() to give us the exact error message? And, just for fun, print out the EXACT query after all that mess of quotes is done? For that matter, you're making life really difficult with the double-quote thing... $query = "INSERT INTO Books(...) VALUES('$CLEAN[copyrightyear]', '$CLEAN[covertype]', ...)"; This presumes that you have scrubbed $_POST data into $CLEAN like you should also be doing. You could use $_POST in place of $CLEAN if you don't care about SQL injection attacks... -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
