Paul_S_Johnson@xxxxxxxxxxxxxxxx wrote:
> Yes, I may have mixed up the input and output from different iterations of
> running it. Let me try posting this again although it may not be an issue.
> Once again if I enter two sequential apostrophes in the name (O''Brien)
> the INSERT passes right through to MySQL without an error.
>
> THE INPUT:
>
> $sql_insert_registration = sprintf("INSERT INTO
> Registrations (
> Class_ID,
> prid,
> Registrant,
> Company,
> Phone,
> Email
> )
> VALUES (
> $_POST[Class_ID],
> $_POST[prid],
> '%s',".
> parseNull($_POST['Company']).",
> '$_POST[Phone]',
> '$_POST[Email]'
> )", mysql_real_escape_string($_POST['Registrant']));
>
> echo "<pre>$_POST['Registrant".$_POST["Registrant"]."</pre>";
> echo "<pre>".mysql_real_escape_string($_POST["Registrant"])."</pre>";
> echo "<pre>".$sql_insert_registration."</pre>";
>
>
> THE OUTPUT:
>
> Brian O'Brien
> Brian O\'Brien
> INSERT INTO
> Registrations (
> Class_ID,
> prid,
> Registrant,
> Company,
> Phone,
> Email
> )
> VALUES (
> 355,
> 257,
> 'Brian O\'Brien',NULL,
> '612-456-5678',
> 'somebody@xxxxxxxxxxxxx'
> )
> Error: You have an error in your SQL syntax; check the manual that
> corresponds to your MySQL server version for the right syntax to use near
> 'Brien', 'Class registration confirmation', ' This email ' at line 16
>
>
> Paul S. Johnson
> U.S. Bankruptcy Court
> District of Minnesota
> paul_s_johnson@xxxxxxxxxxxxxxxx
> 612-664-5276
Check the settings for magic-quotes, and make sure you aren't using
stripslashes somewhere?
Also, echo the actual query that is being passed to mysql to check what is
happening.
Cheers
--
David Robley
Life is Roff when yer Stewpid
Today is Sweetmorn, the 70th day of Confusion in the YOLD 3176.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
