MySQL Error

sprinkles

Chrome Whore
2009 Sep 6 • 2547
10 ₧
I don't even know where to begin....

Warning: mysql_query() [http://www.mysql.com/doc]: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''shouts' SET 'userid' = 2, 'date' = NOW(), 'message' = 'hjkl'' at line 1 in /var/www/shoutbox.php on line 50
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''shouts' SET 'userid' = 2, 'date' = NOW(), 'message' = 'hjkl'' at line 1

php code

<?php
else
{
mysql_query("INSERT INTO 'shouts' SET
'userid' = {$_SESSION['uid']},
'date' = NOW(),
'message' = '$shout' "
) or die(mysql_error());
}
?>

 
 
2010 Sep 26 at 04:17 PDT
SRAW
Rocket Man

2007 Nov 6 • 2525
601 ₧
sprinkles said:
I don't even know where to begin....

Warning: mysql_query() [http://www.mysql.com/doc]: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''shouts' SET 'userid' = 2, 'date' = NOW(), 'message' = 'hjkl'' at line 1 in /var/www/shoutbox.php on line 50
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''shouts' SET 'userid' = 2, 'date' = NOW(), 'message' = 'hjkl'' at line 1

php code

<?php
else
{
mysql_query("INSERT INTO 'shouts' SET
'userid' = {$_SESSION['uid']},
'date' = NOW(),
'message' = '$shout' "
) or die(mysql_error());
}
?>

Superjer has syntax highlighting :O
Free Steam Games
 
 
2010 Sep 26 at 05:46 PDT
sprinkles

Chrome Whore
2009 Sep 6 • 2547
10 ₧
It seems it didn't like the $_SESSION['uid'] and NOW(). I substituted them for variables. And now it's telling me:
code
Warning: mysql_query() [http://www.mysql.com/doc]: Unknown column 'fdafda' in 'field list' in /var/www/shoutbox.php on line 52

line 49-52 code
49 mysql_query("INSERT INTO `shouts` SET
50 `_userid` = $id,
51 `_date` = $now,
52 `_message` = $shout ");
 
 
2010 Sep 26 at 09:21 PDT — Ed. 2010 Sep 26 at 09:22 PDT
SuperJer
Websiteman

2005 Mar 20 • 6201
In MySQL, table and column names do not need to be quoted. But if you want to anyway, you must use `backticks`.

For string values, you need to use 'quotes'.

MySQL code
UPDATE `sometable` SET `col`='$value';


Notice that if $value itself contains 'quotes' it will mess up the query, which is why you need mysql_real_escape_string(). So do something like this first:

php code

<?php
$value = mysql_real_escape_string($value);
?>

 
 
2010 Sep 26 at 23:16 PDT
sprinkles

Chrome Whore
2009 Sep 6 • 2547
10 ₧
Superjer, you must have gone to "Learn everything about everything" college.

BTW:
php code

<?php
require_once 'protect.php';
?>


php code

<?php
if (isset($_POST['submit']))
{
    $shout = protect($_POST['shout']);
?>


php code

<?php
function protect($sValue)
{
    $sValue = mysql_real_escape_string($sValue);
    $sValue = htmlentities($sValue, ENT_QUOTES);
    $sValue = trim($sValue);
    return $sValue;
}
?>



Now that I look at it mysql_real_escape_string and htmlentities together kind of mess things up.
php code

<?php
$sValue = "Hello, e'erybody";
$sValue = mysql_real_escape_string($sValue);
?>


$sValue now equals "Hello, e\'erybody";
php code

<?php
$sValue = htmlentities($sValue, ENT_QUOTES);
?>


$sValue now equals "Hello, e\'erybody"

Right?
Haha, it converted the HTML representation of ' to '.
But you get what I mean right?
 
 
2010 Sep 27 at 19:07 PDT — Ed. 2010 Sep 27 at 20:54 PDT
SuperJer
Websiteman

2005 Mar 20 • 6201
You shouldn't be using those two functions together like that. If you do, you need to decode/unescape them in the reverse order. But I don't see the point.

If you need html encoding and mysql escaping then you probably need 2 separate variables like $htmlValue and $sqlValue for instance. The 1st for display and the second for use in SQL queries.
 
 
2010 Sep 30 at 12:31 PDT
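
One way to keep the SQL value and the HTML value separate, as the last reply suggests (an added example, not code from the thread): bound parameters for the insert, HTML encoding only at output. PDO with an in-memory SQLite database is an assumption standing in for the MySQL server so the script runs offline; the table layout and the sample messages are constructed.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO with an in-memory
// SQLite database stands in for MySQL; table layout and messages are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE `shouts` (
    `userid`  INTEGER NOT NULL,
    `date`    TEXT    NOT NULL,
    `message` TEXT    NOT NULL
)');

// Store the raw text. Placeholders keep the value out of the SQL string,
// so $shout needs no quoting or escaping here.
function addShout(PDO $db, int $uid, string $shout): void
{
    $stmt = $db->prepare(
        'INSERT INTO `shouts` (`userid`, `date`, `message`)
         VALUES (:uid, CURRENT_TIMESTAMP, :msg)'   // NOW() on MySQL
    );
    $stmt->execute([':uid' => $uid, ':msg' => trim($shout)]);
}

// HTML-encode only when writing into a page, never before storing.
function renderShouts(PDO $db): string
{
    $html = '';
    foreach ($db->query('SELECT `userid`, `message` FROM `shouts`') as $row) {
        $html .= sprintf(
            "<li>#%d: %s</li>\n",
            $row['userid'],
            htmlspecialchars($row['message'], ENT_QUOTES, 'UTF-8')
        );
    }
    return $html;
}

addShout($db, 2, "Hello, e'erybody");   // the quote that broke the query
addShout($db, 2, '<b>bold?</b>');       // markup typed into a message

// The database holds the text exactly as typed...
var_dump($db->query('SELECT `message` FROM `shouts`')->fetchAll(PDO::FETCH_COLUMN));
// ...and the page output carries the HTML-encoded form.
echo renderShouts($db);
```

With the old `mysql_*` functions from the thread, the same split means calling mysql_real_escape_string() only on the value going into the query and htmlentities() only on the value being printed.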