On Wed, Jul 1, 2009 at 10:56 AM, Miller,
Terion<tmiller@xxxxxxxxxxxxxxxxxxxx> wrote:
> Why doesn't this work?
>
>
> $query = "SELECT * FROM `restaurants` WHERE name ='$ucName' AND
> address = '$ucAddress' " ;
>
> $result = mysql_query($query) or die(mysql_error());
>
>
> echo $result;
> $row = mysql_fetch_array ($result);
>
>
>
> $sql = "INSERT INTO `restaurants` (name, address, inDate, inType, notes,
> critical, cviolations, noncritical) VALUES (" ;
> $sql .= " '$ucName',
> '$ucAddress', '$inDate', '$inType', '$notes', '$critical',
> '$cleanViolations', '$noncritical')";
>
>
>
> $result = mysql_query($sql) or die(mysql_error());
>
> The error I keep getting is:
>
> You have an error in your SQL syntax; check the manual that corresponds to
> your MySQL server version for the right syntax to use
>
> And I have gone in the mySQL panel and let it make the query ....so I'm
> really stumped why it hangs ...
>
>
>
The last example you posted said:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 's Roast Beef Restaurant #9459', ' 1833 W Republic Rd ',
'3/2/09', '' at line 1
This indicated that the value for $ucName contained an
apostrophe/single-quote character. (Perhaps it was supposed to be
"Arby's Roast Beef Restaurant #9459"?).
Try this:
<?php
$data = array($ucName, $ucAddress, $inDate, $inType, $notes,
$critical, $cleanViolations, $noncritical);
$sql = vprintf("INSERT INTO `restaurants` (name, address, inDate,
inType, notes, critical, cviolations, noncritical) VALUES ('%s', '%s',
'%s', '%s', '%s', '%s', '%s', '%s')",
array_map('mysql_real_escape_string', $data));
$result = mysql_query($sql) or die(mysql_error());
?>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
