Ok. It seems that a $_POST value comes over with the escaped single quote as in O\'Neal. So why does it not preserve that escape when pulling a value from a table field, and inserting it back into another table field? When I pull it out and insert it back in it is simply O'Neal. -----Original Message----- From: Torsten Roehr [mailto:roehr@xxxxxxxxxxx] Sent: Monday, August 16, 2004 9:44 AM To: php-db@xxxxxxxxxxxxx Subject: Re: Basic MySQL Query Question Hi Chad, please see below "Chad Stalvey" <chad@xxxxxxxx> wrote in message news:200408161420.i7GEKsCT058166@xxxxxxxxxxxxxxx > I'm having some inconsistency with mysql insert queries when there is a > single quote involved. > > Example: A new member register's with the name of Jason O'Neal. There are no > addslashes in the code, and the user is entered into the table correctly. > > Insert into members (name) values ('$_POST[name]'); You don't need the quotes here because you want to insert the value of $_POST['name'] and not the string '$_POST[name]'. Change the line to: Insert into members (name) values ($_POST['name']); > > Now the user submits a trouble ticket from within the site. The process is > to select the name from the members table and insert it along with the > ticket, into the tickets table. When this happens, I get an error on the > insert. > > Select name from members where id = $_SESSION[uid]; > > Insert into tickets (name,problem) values ('$row[name]','$_POST[problem]'); You are always omitting the quotes around your array keys! Change it to: Select name from members where id = $_SESSION['uid']; and Insert into tickets (name,problem) values ($row['name'], $_POST['problem']); > > Now I am forced to use addslashes to make it work, as well for the problem > that they submit. > > What is the difference? It seems that if it works one place, then it should > work every where? > > Or would it matter that name is not a key in the members table but is in the > tickets, or Vice Versa? > > This is really bugging me. Please try if those changes solve your problem. Whenever one of your values will contain a single quote you will get an SQL error - so use addslashes() or (better) mysql_real_escape_string() on all insert values. Hope this helps. Regards, Torsten Roehr -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php