all of a sudden,on my joke site,when i add a joke i get this.. you have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's arm, eye, and dick. Of course, Tarzan's jungle friends help him out by giving ' at line 5 It was a joke i was adding.I have added multiline jokes before with no issues..can someone tell me wtf this means?Thanks
Can't say for sure, but I'm guessing that the visitor had a single quote in their joke that caused the SQL statement to fail. Make sure to escape single quotes before saving the text to your database.
what dylan is saying is to use addslashes around the title and body of the joke prior to inserting and then stripslashes before sending to the browser.
thanks..ill try it..although i have never had the problem before.Thanks..ill let ya'll know how it works
Wrap your fields with an escape function like this one: /** * Function to prepare MySQL strings for DB entry * @author Bobby Easland * @version 1.0 * @param string $text Text to be prepared for input * @return string */ function prepareSQL($text){ if ( get_magic_quotes_gpc() ) { $text = stripslashes($text); } if ( is_string($text) === true ) { $text = mysql_real_escape_string($text); } return $text; } #end function PHP: When I need to get it done fast and dirty this is the function that I use...otherwise I use a sanitizer class. I tend to code in paranoid mode so it's not too often I'll use this function by itself. Your mileage may vary.... Bobby