|
PHP - Syntax Error - Single Quote
This will have been posted before, but I can't find a solution that works. Most people say to try mysql_real_escape_string, I have tried lots of variations and it doesn't seem to work.
Could anyone help with the below code? It is part of a form that returns a syntax error when adding a single quotation mark e.g. entering "Bryan's" into the form causes the error. I'd be really grateful for any assistance. Steven P.S. Before anyone mentions it, the mysql connect does work - I just haven't included the full page of code. Code: [Select] mysql_connect($dbserver, $dbusername, $dbpassword); mysql_select_db($dbname); $sitetitle = htmlentities($_POST[sitetitle]); $query = mysql_query("UPDATE site_settings SET sitetitle = '$sitetitle'"); echo("<b>Settings Updated!</b>"); Similar TutorialsWhen I add a ' or " quotes in a textarea I get a sql error when it tries to insert the record.
I was told to use mysqli_real_escape_string but that didn't work.
Here's my code -
$blog= mysqli_real_escape_string($con, $_POST['blog']);
$blog= $_POST['message'];
$sql = "SELECT * FROM table WHERE `message` = '{$message}'";
$result = mysql_query($sql);
if ( mysql_num_rows ( $result ) > 0 )
{
$error = "Message Exists.";
}
else
{
$error = "This message does not exist. Insert it!!!";
$sql="INSERT INTO table (message) VALUES ('$_POST[message])";
}
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
mysqli_close($con)
Edited by barkly, 26 October 2014 - 09:31 PM. Hi, I'm trying to delete a string that's single quoted. From: Cyto's to Cyto, but doesn't work. It works when I add 's to the string with stripslashes, but I can't seem to delete a quote from a string. Does someone know how? My $_post code: Code: [Select] $name=mysql_real_escape_string(stripslashes($_POST["ename"])); Cheers I have a form that people can fill out, and then it echos the string, however right now they can't use single quotes. Below is how I have it settup. Code: [Select] $side = '<p>About Me:</p> <ul> <li>Birth Date: October, 23rd, 2010</li> <li>Hometown: Rapid City, SD</li> <li>Height: 4\'</li> <li>Weight: 50lbs</li> <li>Foot Size: 4</li> <li>Favorite Movie: All of the Shrek Movies!</li> <li>Favorite Book: Winnie the Pooh Series</li> <li>Favorite Cartoon Character: Eeyore or Donkey from Shrek!</li> <li>Favorite TV Show: Anything on Animal Planet!</li> <li>Favorite Food: Hay</li> <li>Favorite Pro Sports Team: Rapid City Rush</li> <li>Favorite Mascot: Nugget, of course!</li> <li>Favorite Game: Donkey Kong!<br /> </li> </ul>'; if ($side != NULL){ echo "<div class=\"grid_6\" id=\"tertiary\"> $side </div>"; }else{ } And I would be able to use $side = "whatever I want to write"; because then they would still need to escape the double quotes with \" if they wanted to put in a link or anything. How do I do this with allowing them to just use single quotes when they enter their data so they don't have to \' (escape the single quote)? Thanks Hi, I am able to parse php variable in double quote but not in single quote. How can I parse in single quote. Following example shows 2 results and I want same result in both. First Name : Zohaib First Name : $firstname Code: [Select] // Connecting, selecting database $link = mysql_connect('localhost', 'root', 'password'); mysql_select_db('dbname'); // Performing SQL query $query = 'SELECT first_name FROM tablename'; $result = mysql_query($query); // Printing results in HTML while ($row = mysql_fetch_assoc($result)) { $firstname=$row['first_name']; } echo"<table> <tr> <td>First Name : </td> <td>$firstname</td> </tr></table>"; echo'<table> <tr> <td>First Name : </td> <td>$firstname</td> </tr></table>'; What are the changes I need to do to achieve same result. Any solution ? - Thanks. I am trying to do the seemingly simple thing - replace all single quotes in text str_replace ("'", "´", $text); It does not replace anything. I trying escaping single quote, using other similar functions - nope. Also tried to google What I an doing wrong? Any help would ne much appreciated. I am making a simple script for my friend that uses mod_rewrite, but for testing I don't use the mod_rewrite link. The page is video.php The extension is ?title= I have having a problem when I type the title with a Single Quote in it('). Example. video.php?title=The-Sorcerer's-Apprentice I have str_replace for the dash(-) to be replaced as a space, so that's not the problem. Here's my code. <?php if($_GET) { $title="{$_GET['title']}"; $title = str_replace('_', ' ', $title); $title = str_replace('-', ' ', $title); if ($list = mysql_query("SELECT * FROM videos WHERE title='". mysql_real_escape_string($title) ."'") or die (mysql_error())); { if(mysql_num_rows($list) > 0){ if (mysql_num_rows($list)) { while($videos=mysql_fetch_array($list)) { ?> <div id="content"> <center><h3><?php echo $videos['title']; ?></h3> <object width="640" height="385"><param name="movie" value="<?php echo $videos['youtubelink']; ?>"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="<?php echo $videos['youtubelink']; ?>" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="640" height="385"></embed></object> <br/><br/><a onclick="javascript:history.go(-1)" href="#">Go Back</a> </center> </div> <?php } } } ?> Hi, I'm trying to type in a name of a song into an input field, for example: I'll Be Missing you This field is captured through $_POST and set to a variable $title I then update the table with this new title. Once it is updated, all that is shown in the data is: I The single quote, and anything after it is gone completely. Here is my query. How can I change this so it includes the single quote and everything after it? $sql = "UPDATE sheets SET artist = '$artist', title = '$title', active = '$activestatus' WHERE id = $value"; $result = mysql_query($sql) or die(mysql_error().'<br>'.$sql); If more code is required to understand what I'm talking about, let me know. Let me preface this by saying that I've been using php for a while, but never got extremely advanced, so feel free to slap me about for something stupid... I'm working through a jQuery & PHP book, and I've noticed that he's wrapping all his column and table names in the apostrophe ` when making MySQL queries . In the past I've never done this. What does the ` do? I understand about single quotes and double quotes, but haven't come across the ` being used. What's the deal? Is there a difference between a single quote regex and and double quote regex ?
for example :
<?php
$res1 = preg_match('/shi*t/', $comment);
$res2 = preg_match("/shi*t/", $comment);
?>
Thank you
Edited by Dareros, 17 September 2014 - 07:07 PM. Hi I have a simple form and when the user submits, php is putting a \ before every single quote entered in the field. So for example, if a user enters O'Neill, once i do $lastName = $_POST["lastname"]; $lastName comes back as: O\'Neill is there some way I can turn this off? I'm so sorry for this question but I not really know how to play with single and double quote. If I have a query like this: Code: [Select] mysql_query('UPDATE table SET Status=1,Sending=Done WHERE ID IN ('.implode(',', $done).')'); And I wish to add Code: [Select] SentAt='$date' in the query as well , and I try this: Code: [Select] mysql_query('UPDATE table SET Status=1,Sending=Done,SentAt='$date' WHERE ID IN ('.implode(',', $done).')'); Not working...how should I write it? Thank you. I have been looking at this code most of the morning and do not have a clue what is wrong with the code. I am hoping its not a stupid mistake, can someone please help me out? thank you
<title>Inputing Travel Detials</title>
<header>
<h1 align="center"> Adding Travel Detials </h1>
<body>
<p> <center><img src="cyberwarfareimage1.png" alt="Squadron logo" style="width:200px;height:200px" style="middle"></center>
<table border="1">
<tr>
<td><a href="index.php"> Home Page </a></td>
<td><a href="administratorhomepage.html">Administrator Home Page </a></td>
<td><a href="viewhomepage.html">View Home Page </a></td>
<td><a href="Inputhomepage.html">Input Home Page </a></td>
<td><a href="traveldetials.html">Enter More Travel Detials </a></td>
</table>
</p>
<?php
include "connection.php";
$Applicant_ID = $_POST["Applicant_ID"];
$Method_Of_Travel = $_POST["Method_Of_Travel"];
$Cost = $_POST["Cost"];
$ETA = $_POST["ETA"];
$Main_Gate_Advised = $_POST["Main_Gate_Advised"];
$query = ("UPDATE `int_board_applicant` SET `Method_Of_Travel`=`$Method_Of_Travel', `Cost`=`$Cost', `ETA`='$ETA', `Main_Gate_Advised`='$Main_Gate_Advised' WHERE `Applicant_ID`='$Applicant_ID'");
$result = mysqli_query($dbhandle, $query)
or die(mysqli_error($dbhandle));
if($result){ echo "Success!"; }
else{ echo "Error."; }
// successfully insert data into database, displays message "Successful".
if($query){
echo "Successful";
}
else {
echo "Data not Submitted";
}
//closing the connection
mysqli_close($dbhandle)
?>
Ok this is puzzleing. I am geting "Could not delete data: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1". but its is deleting the entry that needs to be removed. The "1" is the entry. Just not sure what is causing the error. I do have another delete php but I have put that on the back burning for the time being.
<?php $con = mysqli_connect("localhost","user","password","part_inventory"); // Check connection if (mysqli_connect_errno()) { printf("Connect failed: %s\n", mysqli_connect_error()); exit(); } else { $result = mysqli_query($con, "SELECT * FROM amp20 "); $amp20ptid = $_POST['amp20ptid']; // escape variables for security $amp20ptid = mysqli_real_escape_string($con, $_POST['amp20ptid']); mysqli_query($con, "DELETE FROM amp20 WHERE amp20ptid = '$amp20ptid'"); if (!mysqli_query($con, $amp20ptid)); { die('Could not delete data: ' . mysqli_error($con)); } echo "Part has been deleted to the database!!!\n"; mysqli_close($con); } ?> Hi guys
I have this code below and all works fine when submitting this online application apart from when someone types either ' # & into one of the comment fields in which it throws up the error. Have tried various fixes from across the internet but no joy. Can anyone offer suggestions?
<?php
$con = mysql_connect("localhost:3306","root","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db('sfapp', $con);
$sql="INSERT INTO 'sfapp' ('surname_add','forename_add','dob_add','hometele_add','mobiletele_add','homeadd_add','siblings_add','schoolname_add','headname_add','schooladd_add','schooltele_add','schoolem_add','alevel_add','personstate_add','nameprovided_add','pe_add','se_add','PredGrade_Art','PredGrade_AScience','PredGrade_BusStudies','PredGrade_Electronics','PredGrade_EnglishLang','PredGrade_EnglishLit','PredGrade_French','PredGrade_German','PredGrade_Geog','PredGrade_Graphics','PredGrade_History','PredGrade_Maths','PredGrade_SepScience','PredGrade_ProductDesign','PredGrade_Spanish','PredGrade_Other','Gender_Male','Gender_Female','Sub_EnglishLit','Sub_Maths','Sub_FurtherMaths','Sub_Biology','Sub_Chemistry','Sub_Physics','Sub_French','Sub_German','Sub_Spanish','Sub_Geography','Sub_History','Sub_RE','Sub_FineArt','Sub_Business','Sub_Computing','Sub_GlobPersp','Sub_DramaAndTheatre','Sub_PE','Sub_Dance','Sub_Politics','Sub_Psychology','Sub_Sociology','readprospect_chk','Sib_Yes','Sib_No','Current_Student_Yes','Current_Student_No','I_Understand_chk','Current_Education_chk','Local_Care_chk','Staff_Cwhls_chk','Sub_Film')
VALUES
('$_POST[surname_add]','$_POST[forename_add]','$_POST[dob_add]','$_POST[hometele_add]','$_POST[mobiletele_add]','$_POST[homeadd_add]','$_POST[siblings_add]','$_POST[schoolname_add]','$_POST[headname_add]','$_POST[schooladd_add]','$_POST[schooltele_add]','$_POST[schoolem_add]','$_POST[alevel_add]','$_POST[personstate_add]','$_POST[nameprovided_add]','$_POST[pe_add]','$_POST[se_add]','$_POST[PredGrade_Art]','$_POST[PredGrade_AScience]','$_POST[PredGrade_BusStudies]','$_POST[PredGrade_Electronics]','$_POST[PredGrade_EnglishLang]','$_POST[PredGrade_EnglishLit]','$_POST[PredGrade_French]','$_POST[PredGrade_German]','$_POST[PredGrade_Geog]','$_POST[PredGrade_Graphics]','$_POST[PredGrade_History]','$_POST[PredGrade_Maths]','$_POST[PredGrade_SepScience]','$_POST[PredGrade_ProductDesign]','$_POST[PredGrade_Spanish]','$_POST[PredGrade_Other]','$_POST[Gender_Male]','$_POST[Gender_Female]','$_POST[Sub_EnglishLit]','$_POST[Sub_Maths]','$_POST[Sub_FurtherMaths]','$_POST[Sub_Biology]','$_POST[Sub_Chemistry]','$_POST[Sub_Physics]','$_POST[Sub_French]','$_POST[Sub_German]','$_POST[Sub_Spanish]','$_POST[Sub_Geography]','$_POST[Sub_History]','$_POST[Sub_RE]','$_POST[Sub_FineArt]','$_POST[Sub_Business]','$_POST[Sub_Computing]','$_POST[Sub_GlobPersp]','$_POST[Sub_DramaAndTheatre]','$_POST[Sub_PE]','$_POST[Sub_Dance]','$_POST[Sub_Politics]','$_POST[Sub_Psychology]','$_POST[Sub_Sociology]','$_POST[readprospect_chk]','$_POST[Sib_Yes]','$_POST[Sib_No]','$_POST[Current_Student_Yes]','$_POST[Current_Student_No]','$_POST[I_Understand_chk]','$_POST[Current_Education_chk]','$_POST[Local_Care_chk]','$_POST[Staff_Cwhls_chk]','$_POST[Sub_Film]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
?>
<?php
//if "email" variable is filled out, send email
if (isset($_REQUEST['pe_add'])) {
//Email information
$admin_email = $_REQUEST['pe_add'];
$forename = $_REQUEST['forename_add'];
$email = "autoreply@testing.com";
$subject = "Application";
$desc =
"Dear $forename
Thank you for submitting your online application, we will be in touch shortly.
"
;
//send email
mail($admin_email, "$subject", "$desc", "From:" . $email);
//Email response
echo "Thank you for contacting us!";
}
//if "email" variable is not filled out, display the form
else {
?>
If you are seeing this, you need to go back and fill out the Personal Email section!
<?php
}
header("location:complete.php");
mysql_close($con)
?>
Thanks in advance.
Hello all,
Appreciate if you folks could pls. help me understand (and more importantly resolve) this very weird error:
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ASC, purchase_later_flag ASC, shopper1_buy_flag AS' at line 3' in /var/www/index.php:67 Stack trace: #0 /var/www/index.php(67): PDO->query('SELECT shoplist...') #1 {main} thrown in /var/www/index.php on line 67
Everything seems to work fine when/if I use the following SQL query (which can also be seen commented out in my code towards the end of this post) :
$sql = "SELECT shoplist.*, store_master.store_name, item_master.item_name FROM shoplist, store_master, item_master WHERE shoplist.store_id = store_master.store_id AND shoplist.item_id = item_master.item_id";However, the moment I change my query to the following, which essentially just includes/adds the ORDER BY clause, I receive the error quoted above: $sql = "SELECT shoplist.*, store_master.store_name, item_master.item_name FROM shoplist, store_master, item_master ORDER BY purchased_flag ASC, purchase_later_flag ASC, shopper1_buy_flag ASC, shopper2_buy_flag ASC, store_name ASC) WHERE shoplist.store_id = store_master.store_id AND shoplist.item_id = item_master.item_id";In googling for this error I came across posts that suggested using "ORDER BY FIND_IN_SET()" and "ORDER BY FIELD()"...both of which I tried with no success. Here's the portion of my code which seems to have a problem, and line # 67 is the 3rd from bottom (third last) statement in the code below: <?php
/*
$sql = "SELECT shoplist.*, store_master.store_name, item_master.item_name
FROM shoplist, store_master, item_master
WHERE shoplist.store_id = store_master.store_id
AND shoplist.item_id = item_master.item_id";
*/
$sql = "SELECT shoplist.*, store_master.store_name, item_master.item_name
FROM shoplist, store_master, item_master
ORDER BY FIND_IN_SET(purchased_flag ASC,
purchase_later_flag ASC,
shopper1_buy_flag ASC,
shopper2_buy_flag ASC,
store_name ASC)
WHERE shoplist.store_id = store_master.store_id
AND shoplist.item_id = item_master.item_id";
$result = $pdo->query($sql);
// foreach ($pdo->query($sql) as $row) {
foreach ($result as $row) {
echo '<tr>';
print '<td><span class="filler-checkbox"><input type="checkbox" name="IDnumber[]" value="' . $row["idnumber"] . '" /></span></td>';
Thanks
Parse error: syntax error, unexpected T_STRING in C:\xampp\htdocs\mywork\unique.php on line 15 <html> <head> <title> </title> </head> <body bgproperties="fixed"> <?php $dbhost = 'localhost'; $dbuser = 'root'; $dbpass = ''; $con = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql'); $dbname = 'mywork'; mysql_select_db($dbname, $con); $sql=mysql_query(insert into users (regno,name,gender,date,month,year,emailid,cell,paddress,caddress,incometype,incomeamt,dad,fyes,dadocup,mom,myes,momocup,password) VALUES ('$_POST[regno]','$_POST[name]','$_POST[gender]','$_POST[date]','$_POST[month]','$_POST[year]','$_POST[emailid]','$_POST[cell]','$_POST[paddress]','$_POST[caddress]','$_POST[incometype]','$_POST[incomeamt]','$_POST[dad]','$_POST[fyes]','$_POST[dadocup]','$_POST[mom]','$_POST[myes]','$_POST[momocup]','$_POST[password]')"); $sql1=mysql_fetch_array($sql); $result = @mysql_query($SQl1); $result="SELECT * FROM users WHERE regno='$regno'"; while($row = mysql_fetch_array($result)) { //echo $row['regno']."regno<br>"; //echo $row['name']."name<br>"; //echo $row['gender']."gender<br>"; //echo $row['date']."date<br>"; //echo $row['month']."month<br>"; //echo $row['year']."year<br>"; //echo $row['emailid']."emailid<br>"; //echo $row['cell']."cell<br>"; //echo $row['paddress']."paddress<br>"; //echo $row['caddress']."caddress<br>"; //echo $row['incometype']."incometype<br>"; //echo $row['incomeamt']."incomeamt<br>"; //echo $row['dad']."dad<br>"; //echo $row['fyes']."fyes<br>"; //echo $row['dadocup']."dadocup<br>"; //echo $row['mom']."mom<br>"; //echo $row['myes']."myes<br>"; //echo $row['momocup']."momocup<br>"; //echo $row['password']."password<br>"; } echo "Thanks for Register!"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "1 record added"; mysql_close($con); ?> <form name="security" action="index.php" method="post"> <input type="submit" value="click here to login"> </form> </body> </html> The issue is there seems to be NO syntax error. 1. There is no relevant code before or after this line. 2. Yes, one would think a ! should be there as did I (I didn't write the code), however, even with the ! it still gives the same error. if (function_exists('gzcompress')) die(FUNCTION_NOT_FOUND); is giving me a syntax error, unexpected 'if', expecting 'function' or 'const' I am updating this code from PHP5.3 to PHP7.4 and I can't figure out what the syntax problem is since PHP allows this. I am using Eclipse PHP to do the conversion. Code: [Select] <?php mysql_connect ("-","-","-") or die ('Error'); mysql_select_db ("-"); $out = mysql_query("SELECT * FROM guestbook ORDER BY id DESC"); while($row = mysql_fetch_assoc($out); --and this one if that braces is deleted { ----this is where im getting the error $name = $row['name']; $email = $row['email']; $txt = $row['comment']; $msg = "Are you sure you want to delete"; /* @var $_REQUEST <type> */ if (isset($_REQUEST ["action"]) && $_REQUEST["action"] == "del") { $id = intval($_REQUEST['id']); mysql_query("DELETE FROM guestbook WHERE id=$id;"); echo "<action=index.php>"; } echo "<font face='verdana' size='1'>"; echo "<table border='0'> <tr><td>Name: ".$name."</td></tr>"." <tr><td>Email: ".$email."</td></tr> <tr><td colspan='2'>Comment:</td></tr> <tr><td colspan='2' width='500'><b>".$txt."</b></td></tr> <tr><td><a onclick=\"return confirm('.$msg.');\" href='index.php?action=del&id=".$row['id']."'><span class='red'>["."Delete"."]</span></a> </td></tr> </table><br />"; echo "<hr size='1' width='500' align='left'></font>"; } ?> Kindly help me please. When i delete ({) the error will become the ( i dont know what to do already. Thanks. Hi folks, I am a complete n00b at php and mysql. I am teaching myself from books and the WWW, but alas I am stuck... the error I get is: Parse error: syntax error, unexpected T_STRING in X:\xampp\htdocs\search.php on line 7 here is the code: <?php mysql_connect ("localhost", "user", "password") or die (mysql_error()); mysql_select_db ("it_homehelp_test") or die (mysql_error()); $term = $_POST['term']; $sql = $mysql_query(select * from it_homehelp_test where ClientName1 like '%term%'); <<<------this is line 7 while ($row = mysql_fetch_array($sql)){ echo 'Client Name:' .$row['ClientName1']; echo 'Address:' .$row['Address1']; echo 'Phone:' .$row['Tel1']; } ?> Any help you can offer would be great. I can also post the ".html" file that creates the search bar if it is needed. Thanks
Hello everyone,
1 <?php
7 // Create connection
10 // Check connection
14 $firstname = $conn->real_escape_string($_REQUEST['firstname']); 25 $sql2 = "INSERT INTO countries VALUES ('$country')"; 27 $sql3 = "INSERT INTO Contacts (firstname, lastname, address, city, country, phone, email) VALUES ('$firstname', '$lastname', '$address', $city, $country, '$phone_number','$email')";
29 SELECT * FROM cities;
if($conn->query($sql2) === true){
if($conn->query($sql3) === true){ |
|||||||