Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PHP MySQL insert

Status
Not open for further replies.
benrob82

benrob82

Programmer
Jul 28, 2005
116
0
0
GB
I've read a number of threads to try and solve this problem, I have a query string link the one below

Code: 
$insert = "insert into accounts values ('$accountid',NOW(),'','','','website','$company_name','','Student: Student/Graduate Member','','$turnover','$tel3','$home_address1 $home_address2','$home_city','$home_county','$home_postcode','United Kingdom','$statement','','$tel4','','$email','','$website','','$employees','','','$term_address1 $term_address2','$term_city','$term_county','$term_postcode','United Kingdom','0')";

and if there are any single quotes or apostrophes ' the database does not update.

I dont seem to be able to find a solution for this. Can anyone help with a definitive answer?

Thanks
 
Sort by date Sort by votes
Do you have a typo in your example, because you have not end quote and comma after $home_address1. Also check your date definitions... you don't need quotes around numeric fields... ie $accountid or the zero at the end.

Paul Wesson, Programmer/Analyst
 
Upvote 0 Downvote
you need to escape values before inserting them into databases.
Code: 
<?
$insert = "
		insert 
			into accounts 
		values (
		'".mysql_escape_string($accountid)."',
		NOW(),
		'',
		'',
		'',
		'website',
		'".mysql_escape_string($company_name)."',
		'',
		'".mysql_escape_string("Student: Student/Graduate Member")."',
		'',
		'".mysql_escape_string($turnover)."',
		'".mysql_escape_string($tel3)."',
		'" mysql_escape_string($home_address1 . " " . $home_address2)."',
		'".mysql_escape_string($home_city)."',
		'".mysql_escape_string($home_county)."',
		'".mysql_escape_string($home_postcode)."',
		'United Kingdom',
	'".mysql_escape_string($statement)."',
	'',
	'".mysql_escape_string($tel4)."',
	'',
	'".mysql_escape_string($email)."',
	'',
	'".mysql_escape_string($website)."',
	'',
	'".mysql_escape_string($employees)."',
	'',
	'',
	'".mysql_escape_string($term_address1 ." ".$term_address2)."',
	'".mysql_escape_string($term_city)."',
	'".mysql_escape_string($term_county)."',
	'".mysql_escape_string($term_postcode)."',
	'United Kingdom',
	'0')";
	?>
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

SashaBuilder3
  • Locked
  • Question
import CSV file into MySql table in PhpMyAdmin
Replies
0
Views
120
SashaBuilder3
SashaBuilder3
lexer
  • Locked
  • Question
Join two mysql tables for populate datatable
Replies
3
Views
97
spamjim
spamjim
PeDa
  • Locked
  • Question
Unwanted spaces in php HTML mail 1
Replies
4
Views
108
PeDa
PeDa
ersatz
  • Locked
  • Question
How to send 2 select from mysql database in email like tables
Replies
5
Views
152
ersatz
ersatz
Mandy_crw
  • Locked
  • Question
How to send sms in PHP using usb gsm modem?
Replies
1
Views
121
vishvajit
vishvajit

Part and Inventory Search

Sponsor

Back
Top