On Aug 3, 2010, at 8:08 AM, Peter Lind wrote:
On 3 August 2010 15:04, <Paul_S_Johnson@xxxxxxxxxxxxxxxx> wrote:
Yes, I may have mixed up the input and output from different iterations of
running it. Let me try posting this again although it may not be an issue.
Once again if I enter two sequential apostrophes in the name (O''Brien)
the INSERT passes right through to MySQL without an error.
THE INPUT:
$sql_insert_registration = sprintf("INSERT INTO
Registrations (
Class_ID,
prid,
Registrant,
Company,
Phone,
Email
)
VALUES (
$_POST[Class_ID],
$_POST[prid],
'%s',".
parseNull($_POST['Company']).",
'$_POST[Phone]',
'$_POST[Email]'
)", mysql_real_escape_string($_POST['Registrant']));
echo "<pre>".$_POST["Registrant"]."</pre>";
echo "<pre>".mysql_real_escape_string($_POST["Registrant"])."</pre>";
echo "<pre>".$sql_insert_registration."</pre>";
THE OUTPUT:
Brian O'Brien
Brian O\'Brien
INSERT INTO
Registrations (
Class_ID,
prid,
Registrant,
Company,
Phone,
Email
)
VALUES (
355,
257,
'Brian O\'Brien',NULL,
'612-456-5678',
'somebody@xxxxxxxxxxxxx'
)
Error: You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use near
'Brien', 'Class registration confirmation', ' This email ' at line 16
Strangely, you have still failed to provide the input that is actually
sent to mysql. Look at the error code: "... for the right syntax to
use near 'Brien', 'Class registration confirmation', ' This email '" -
"Class registration confirmation" does not appear anywhere in the
output section you posted but it appears in the mysql error.
I'd do as Bret suggested and turn on query logging in mysql to see
what is actually received.
Regards
Peter
--
<hype>
WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
BeWelcome/Couchsurfing: Fake51
Twitter: http://twitter.com/kafe15
</hype>
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Can't you just..
VALUES = mysql_real_escape(VALUES);
before submitting
or something similar?
maybe urlencode
Karl DeSaulniers
Design Drumm
http://designdrumm.com
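An added example, not code from any poster in this thread: the error text quoted above contains 'Class registration confirmation', which belongs to a statement other than the INSERT that was posted, so this sketch binds every value in both statements instead of escaping a single field. Assumptions: PDO with an in-memory SQLite database stands in for MySQL, the `Mail_Log` table and its columns are hypothetical, the empty-string-to-NULL rule only approximates the unseen `parseNull()`, and the input array is constructed.

```php
<?php
// Added example. SQLite in memory stands in for MySQL so the script runs
// without a server; for MySQL only the PDO DSN and credentials change.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Registrations (Class_ID INTEGER, prid INTEGER,
    Registrant TEXT, Company TEXT, Phone TEXT, Email TEXT)');
// Hypothetical table for the confirmation-mail statement the thread never shows.
$db->exec('CREATE TABLE Mail_Log (Recipient TEXT, Subject TEXT, Body TEXT)');

// Placeholders keep data out of the SQL text, so no quoting step is needed.
$reg = $db->prepare('INSERT INTO Registrations
    (Class_ID, prid, Registrant, Company, Phone, Email) VALUES (?, ?, ?, ?, ?, ?)');
$mail = $db->prepare('INSERT INTO Mail_Log (Recipient, Subject, Body) VALUES (?, ?, ?)');

// Constructed inputs standing in for $_POST: one and two apostrophes.
foreach (["Brian O'Brien", "Brian O''Brien"] as $name) {
    $post = [
        'Class_ID' => '355', 'prid' => '257', 'Registrant' => $name,
        'Company' => '', 'Phone' => '612-456-5678', 'Email' => 'somebody@example.com',
    ];

    // The ids were interpolated unquoted in the posted query; validate them as integers.
    $classId = filter_var($post['Class_ID'], FILTER_VALIDATE_INT);
    $prid    = filter_var($post['prid'], FILTER_VALIDATE_INT);
    if ($classId === false || $prid === false) {
        throw new InvalidArgumentException('Class_ID and prid must be integers');
    }

    // Assumed stand-in for parseNull(): an empty company is stored as NULL.
    $company = $post['Company'] === '' ? null : $post['Company'];

    $reg->execute([$classId, $prid, $post['Registrant'], $company,
                   $post['Phone'], $post['Email']]);
    // The second statement carries the same name and must bind it too.
    $mail->execute([$post['Registrant'], 'Class registration confirmation',
                    'This email confirms the registration of ' . $post['Registrant']]);
}

// Read back: each name is stored exactly as entered, apostrophes included.
foreach ($db->query('SELECT Registrant, Company FROM Registrations') as $row) {
    printf("%s | company=%s\n", $row['Registrant'], var_export($row['Company'], true));
}
foreach ($db->query('SELECT Recipient, Body FROM Mail_Log') as $row) {
    printf("%s | %s\n", $row['Recipient'], $row['Body']);
}
```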