Re: Mysql not receiving the data

I agree, the slashes are killing the query. I would suggest doing this:

 $add = "INSERT INTO movies SET
          movie_name=\"$movie_name\",
          genre=\"$genre\",
          director=\"$director\",
          star1=\"$star1\",
          star2=\"$star2\",
          star3=\"$star3\",
          brief_synopsis=\"$brief_synopsis\",
          imdb_link=\"$imdb_link\"";



"Rich Hutchins" <rhutchin@xxxxxxxxxxxxxxxx> wrote in message
news:EHEBKOMFPIKNCMMBKMHOKEBCCAAA.rhutchin@xxxxxxxxxxxxxxxxxxx
> The apostrophe (') in your data is, most likely, killing the SQL statement
> when it is sent to the server. Use addslashes() around all of your form data
> to prevent this and also to help guard against SQL injection attacks.
>
> Ex:
>
> $add = "INSERT INTO movies SET
>          movie_name='".addslashes($movie_name)."',
>          genre='".addslashes($genre)."',
>          director='".addslashes($director)."',
>          star1='".addslashes($star1)."',
>          star2='".addslashes($star2)."',
>          star3='".addslashes($star3)."',
>          brief_synopsis='".addslashes($brief_synopsis)."',
>          imdb_link='".addslashes($imdb_link)."'";
>
> Hope this helped.
> Rich
> -----Original Message-----
> From: Andrew Rothwell [mailto:andrew@xxxxxxxxxxxxxxxxxx]
> Sent: Sunday, June 13, 2004 1:48 PM
> To: php-db@xxxxxxxxxxxxx
> Subject: RE:  Mysql not receiving the data
>
>
> Hi Larry, Thank you very much for the very quick response, I set my php.ini
> file (located /etc/php.ini ) for the register_globals = On (it was off by
> default)
>
> Now however I get an error
> Error adding entry: You have an error in your SQL syntax near 's spanish
> driver is found shot dead, Inspector Jacques Clouseau is the first off' at
> line 8
>
> My Database is a movie database of my dvd's that I own (for insurance
> reasons)
>
> My addmovie.php is this
> <?
>   mysql_connect("localhost","username","password");
>   mysql_select_db("movies");
>       $add = "INSERT INTO movies SET
>          movie_name='$movie_name',
>          genre='$genre',
>          director='$director',
>          star1='$star1',
>          star2='$star2',
>          star3='$star3',
>          brief_synopsis='$brief_synopsis',
>          imdb_link='$imdb_link'";
>       if (@mysql_query($add))
>         {
>           echo("<p>Your entry has been added. <br>
>           $movie_name</p>");
>         }
>           else
>         {
>         echo("<p>Error adding entry: " .
>         mysql_error() . "</p>");
>        }
> ?>
>
>
> And the addmovie.htm page (at least the form action is this)
>
> <body bgcolor="#FFFFFF">
> <form method="post" action="addmovie.php" name="addmovies">
>   <table width="300" border="0" cellspacing="2" cellpadding="2"
> bordercolordark="#FF0033" bordercolorlight="#FFFF66">
>     <tr>
>       <td width="41%" bgcolor="#999999">Movie Name </td>
>       <td width="59%" bgcolor="#99FFCC">
>         <input type="text" name="movie_name">
>       </td>
>     </tr>
>
>
> Andrew
>
> -----Original Message-----
> From: Larry E. Ullman [mailto:LarryUllman@xxxxxxxxxxxxxxx]
> Sent: Sunday, June 13, 2004 11:22 AM
> To: Andrew Rothwell
> Cc: php-db@xxxxxxxxxxxxx
> Subject: Re:  Mysql not receiving the data
>
> > Online I could see everything, and the pages gave the appearance of
> > working, however when I went into the DB using PHPMYADMIN to check the
> > status of the new data entered, all I found was blank rows ( for the
> > new data since the rebuild, all the old data was there) There were the
> > correct number of new rows for the amount of records that I had
> > entered, which tells me (unless I am mistaken) that the PHP is talking
> > to the DB, and is at least sending an insert command, but the rest of
> > the data is not getting in. -
>
> Without seeing any code whatsoever and since this worked before but no
> longer works on a new install, I can only assume that your code was written
> with the assumption that register_globals was turned on and it's not on in
> your current configuration.
>
> If that is the case, see the PHP manual or search the Web for the solution
> ($_POST, $_GET, etc.).
>
> Larry
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
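
Added example, not part of the original thread: the same insert written with bound placeholders, next to the concatenated form from addmovie.php, fed a synopsis that contains an apostrophe. Assumptions: PDO with an in-memory SQLite database stands in for MySQL (so the column-list INSERT syntax replaces INSERT ... SET), the function names are hypothetical, and the form data is constructed.

```php
<?php
// Added example, not code from the thread. Assumption: PDO with an in-memory
// SQLite database stands in for the MySQL server so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE movies (movie_name TEXT, genre TEXT, director TEXT,
    star1 TEXT, star2 TEXT, star3 TEXT, brief_synopsis TEXT, imdb_link TEXT)');
const FIELDS = ['movie_name', 'genre', 'director', 'star1', 'star2', 'star3',
                'brief_synopsis', 'imdb_link'];

// Read each field explicitly from the submitted form instead of relying on
// register_globals; a missing field becomes an empty string.
function form_values(array $post): array
{
    $row = [];
    foreach (FIELDS as $f) {
        $row[$f] = isset($post[$f]) ? (string) $post[$f] : '';
    }
    return $row;
}

// The pattern from the original addmovie.php: values pasted into the SQL text.
function insert_concatenated(PDO $db, array $row): void
{
    $quoted = array_map(fn($v) => "'$v'", $row);
    $db->exec('INSERT INTO movies (' . implode(', ', FIELDS) . ') VALUES ('
        . implode(', ', $quoted) . ')');
}

// Placeholders keep the data out of the SQL text entirely.
function insert_prepared(PDO $db, array $row): void
{
    $marks = implode(', ', array_map(fn($f) => ":$f", FIELDS));
    $stmt = $db->prepare('INSERT INTO movies (' . implode(', ', FIELDS) . ") VALUES ($marks)");
    $stmt->execute($row);
}

// Constructed form submission with an apostrophe in the synopsis.
$post = ['movie_name' => 'Sample Movie', 'genre' => 'Comedy',
         'brief_synopsis' => "When the star's driver is found shot dead, the case begins."];
$row = form_values($post);
try {
    insert_concatenated($db, $row);
} catch (PDOException $e) {
    echo "Concatenated query failed: ", $e->getMessage(), "\n";
}
insert_prepared($db, $row);
$stored = $db->query('SELECT brief_synopsis FROM movies')->fetchColumn();
echo "Stored via placeholders: $stored\n";
```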
