MySQL and PHP (Could not enter data)

I need assistance with what might be causing this error. I get this error every time I have single inverted commas in the data I am trying to post to the database (field name: abtext).
Error message:
Could not enter data: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'dsf'ds'f'ds'fds'f'ds'f'dsfds','fdsfdd'fd''fds'f'dsf'ds fd 'fds'f'df'ds ds''fd'sf' at line 3
Data entered to the db:
field name: (abtext) of type text
data entered on the field=
fdsfdd'fd''fds'f'dsf'ds fd 'fds'f'df'ds ds''fd'sf'ds'f'dsfds'sdf
My insert code:
$sql = "INSERT INTO poster
(titlepaper,abtext,authorTitle1,authorName1,authorIntials1,authorSurname1,authorJt1,authorcompany1,authoremail1,authornumber1,presenting1,additional,authorTitle2,authorName2,authorIntials2,authorSurname2,authorJt2,authorcompany2,authoremail2,authornumber2,presenting2,correspondence,authorTitle3,authorName3,authorIntials3,authorSurname3,authorJt3,authorcompany3,authoremail3,authornumber3,presenting3)
VALUES ('$titlepaper','$abtext','$authorTitle1','$authorName1','$authorIntials1','$authorSurname1','$authorJt1','$authorcompany1','$authoremail1','$authornumber1','$presenting1','$additional','$authorTitle2','$authorName2','$authorIntials2','$authorSurname2','$authorJt2','$authorcompany2','$authoremail2','$authornumber2','$presenting2','$correspondence','$authorTitle3','$authorName3','$authorIntials3','$authorSurname3','$authorJt3','$authorcompany3','$authoremail3','$authornumber3','$presenting3')";
mysql_select_db('database');
$retval = mysql_query( $sql, $conn );
if(! $retval ) {
die('Could not enter data: ' . mysql_error());
}
Your help will be much appreciated.

Try this,
// Each escaped value still has to be wrapped in single quotes inside VALUES
$sql = "INSERT INTO poster (titlepaper,abtext,authorTitle1,authorName1,authorIntials1,authorSurname1,authorJt1,authorcompany1,authoremail1,authornumber1,presenting1,additional,authorTitle2,authorName2,authorIntials2,authorSurname2,authorJt2,authorcompany2,authoremail2,authornumber2,presenting2,correspondence,authorTitle3,authorName3,authorIntials3,authorSurname3,authorJt3,authorcompany3,authoremail3,authornumber3,presenting3)
VALUES ('" . mysql_escape_string($titlepaper) . "','" . mysql_escape_string($abtext) . "','" . mysql_escape_string($authorTitle1) . "','" . mysql_escape_string($authorName1) . "','" . mysql_escape_string($authorIntials1) . "','" . mysql_escape_string($authorSurname1) . "','" . mysql_escape_string($authorJt1) . "','" . mysql_escape_string($authorcompany1) . "','" . mysql_escape_string($authoremail1) . "','" . mysql_escape_string($authornumber1) . "','" . mysql_escape_string($presenting1) . "','" . mysql_escape_string($additional) . "','" . mysql_escape_string($authorTitle2) . "','" . mysql_escape_string($authorName2) . "','" . mysql_escape_string($authorIntials2) . "','" . mysql_escape_string($authorSurname2) . "','" . mysql_escape_string($authorJt2) . "','" . mysql_escape_string($authorcompany2) . "','" . mysql_escape_string($authoremail2) . "','" . mysql_escape_string($authornumber2) . "','" . mysql_escape_string($presenting2) . "','" . mysql_escape_string($correspondence) . "','" . mysql_escape_string($authorTitle3) . "','" . mysql_escape_string($authorName3) . "','" . mysql_escape_string($authorIntials3) . "','" . mysql_escape_string($authorSurname3) . "','" . mysql_escape_string($authorJt3) . "','" . mysql_escape_string($authorcompany3) . "','" . mysql_escape_string($authoremail3) . "','" . mysql_escape_string($authornumber3) . "','" . mysql_escape_string($presenting3) . "')";
mysql_select_db('database');
$retval = mysql_query($sql, $conn);
if (!$retval) {
die('Could not enter data: ' . mysql_error());
}
I have changed the insert area of the insert command and used mysql_escape_string to escape unwanted characters in the insertion variables.

$sql = "INSERT INTO individual
(titlepaper,abtext,authorTitle1,authorName1,authorIntials1,authorSurname1,authorJt1,authorcompany1,authoremail1,authornumber1,presenting1,additional)
VALUES ('". mysql_escape_string($titlepaper) . "','" . mysql_escape_string($abtext) . "','" . mysql_escape_string($authorTitle1) . "','" . mysql_escape_string($authorName1) . "','" . mysql_escape_string($authorIntials1) . "','" . mysql_escape_string($authorSurname1) . "','" . mysql_escape_string($authorJt1) . "','" . mysql_escape_string($authorcompany1) ."','" . mysql_escape_string($authoremail1) . "','" . mysql_escape_string($authornumber1) . "','" . mysql_escape_string($presenting1) . "','" . mysql_escape_string($additional) . "')";
This worked! THANKS A LOT GUYS, MUCH APPRECIATED!

Please try by using : htmlspecialchars($abtext)
so your sql query would be like,
$sql = "INSERT INTO poster
(titlepaper,abtext,authorTitle1,authorName1,authorIntials1,authorSurname1,
authorJt1,authorcompany1,authoremail1,authornumber1,presenting1,additional,
authorTitle2,authorName2,authorIntials2,authorSurname2,authorJt2,authorcompany2,
authoremail2,authornumber2,presenting2,correspondence,authorTitle3,authorName3,
authorIntials3,authorSurname3,authorJt3,authorcompany3,authoremail3,
authornumber3,presenting3)
VALUES
('$titlepaper','" . htmlspecialchars($abtext) . "','$authorTitle1','$authorName1',
'$authorIntials1','$authorSurname1','$authorJt1','$authorcompany1',
'$authoremail1','$authornumber1','$presenting1','$additional',
'$authorTitle2','$authorName2','$authorIntials2','$authorSurname2',
'$authorJt2','$authorcompany2','$authoremail2','$authornumber2',
'$presenting2','$correspondence','$authorTitle3','$authorName3',
'$authorIntials3','$authorSurname3','$authorJt3','$authorcompany3',
'$authoremail3','$authornumber3','$presenting3')";

Related

Database error: Invalid SQL: WHERE id IN (91220,91222,91232,91233,91244,91263,

The SQL below when echoed in the PHP script displays only WHERE id IN (91220,91222,91232,91233,91244,91263,91264,91277)
Please help me find what is wrong with the SQL.
$sql = "UPDATE customers SET customers.name=AES_ENCRYPT('" . self::PII_OBFUSCATE_NAME . "','" . AES_CRYPT_KEY . "')"
. ", address1=AES_ENCRYPT('" . self::PII_OBFUSCATE_ADDRESS1 . "','" . AES_CRYPT_KEY . "')"
. ", day_phone=AES_ENCRYPT('" . self::PII_OBFUSCATE_PHONE . "','" . AES_CRYPT_KEY . "')"
. ", nite_phone=AES_ENCRYPT('" . self::PII_OBFUSCATE_PHONE . "','" . AES_CRYPT_KEY . "')"
. (is_array($customers_to_obfuscate))
? " WHERE id IN (" . implode(",", $customers_to_obfuscate) . ")"
: " WHERE id = '$customers_to_obfuscate'";
You need to check your braces in the ternary operator. It must look as follows:
((is_array($orders_to_obfuscate)) ? " WHERE id IN (" . implode(",", $orders_to_obfuscate) . ")" : " WHERE id = '$orders_to_obfuscate'");

on form submission values not inserting into database in php

I have an HTML form. When the user submits the data, the data goes into the database. This was working fine until I added one more thing: I added a mail function to send the mail after the data is submitted. My code is like below:
<?php
error_reporting(0);
session_start();
require('db_config.php');
if (isset($_POST['submit'])) {
$name = $_FILES['Photo']['name'];
list($txt, $ext) = explode(".", $name);
$image_name = time() . "." . $ext;
$tmp = $_FILES['Photo']['tmp_name'];
$shame = $_FILES['paymentphoto']['name'];
list($txts, $exts) = explode(".", $shame);
$receipt_name = time() . "." . $ext;
$tmps = $_FILES['paymentphoto']['tmp_name'];
if (move_uploaded_file($tmp, 'uploads/' . $image_name) && move_uploaded_file($tmps, 'receipt/' . $receipt_name)) {
$sql = "INSERT INTO members (firstname, lastname, image, company, designation, addressone, addresstwo, aadhar, city, state, pin, pan, rnameone, rnametwo, mobile, alternate, email, experience, businessdate, companyregistration, gstin, servicesoffered, fee, mode, receipt) VALUES ('" . $_POST['first_name'] . "','" . $_POST['last_name'] . "' , '" . $image_name . "','" . $_POST['company'] . "', '" . $_POST['designation'] . "','" . $_POST['address'] . "', '" . $_POST['address2'] . "', '" . $_POST['aadhaar'] . "', '" . $_POST['city'] . "', '" . $_POST['state'] . "', '" . $_POST['pin'] . "', '" . $_POST['pan'] . "', '" . $_POST['recommended'] . "', '" . $_POST['recommended2'] . "','" . $_POST['mobile'] . "', '" . $_POST['alternate'] . "', '" . $_POST['email'] . "', '" . $_POST['experience'] . "', '" . $_POST['date'] . "', '" . $_POST['registration'] . "', '" . $_POST['gst'] . "', '" . $_POST['services'] . "', '" . $_POST['fee'] . "', '" . $_POST['payment'] . "', '" . $receipt_name . "' )";
$mysqli->query($sql);
$to = "teiamembers#gmail.com"; // this is your Email address
$from = $_POST['email']; // this is the sender's Email address
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$headers = "From:" . $from . "\nMIME-Version: 1.0\nContent-Type: text/html; charset=utf-8\n";
$headers2 = "From:" . $to;
$subject = "TEIA Membership Registration Request";
$subject2 = "TEIA Membership Request";
$message = $first_name . " has requested for TEIA Registration. Full Name:" . " " . $first_name . " " . $last_name . "<br>" . "Email:" . $from . "<br>" . "Mobile:" . " " . $_POST['mobile'] . "<br>" . "Company Name:" . " " . $_POST['company'] . "<br>" . "Designation" . " " . $_POST['designation'] . "<br>" . "Residence Address:" . " " . $_POST['address'] . "<br>" . "Office Address:" . " " . $_POST['address2'] . "<br>" . "Aadhaar:" . " " . $_POST['aadhaar'] . "<br>" . "City:" . " " . $_POST['city'] . "<br>" . "State:" . " " . $_POST['state'] . "<br>" . "Pin:" . " " . $_POST['pin'] . "<br>" . "Pan:" . " " . $_POST['pan'] . "<br>" . "Reference:" . " " . $_POST['recommended'] . "<br>" . "Alternate Number:" . " " . $_POST['alternate'] . "<br>" . "Experience:" . " " . $_POST['experience'] . "<br>" . "Aadhaar:" . " " . $_POST['aadhaar'] . "<br>" . "Date of Business Setup:" . " " . $_POST['date'] . "<br>" . "Company Registration Number:" . " " . $_POST['registration'] . "<br>" . "GSTIN:" . " " . $_POST['gst'] . "<br>" . "Services Offered:" . " " . $_POST['services'] . "<br>" . "Fee Paid:" . " " . $_POST['fee'] . "<br>" . "Payment Mode:" . " " . $_POST['payment'] . "<br>";
$message2 = "Your request for TEIA Membership Received. We will contact you Shortly. ";
mail($to, $subject, $message, $headers);
mail($from, $subject2, $message2, $headers2); // sends a copy of the message to the sender
if ($mysqli) {
$msg = "Your Request For Membership Registration Sent Successfully";
}
}
}
?>
Now the problem is that when the user submits the form, the mail is working properly, but the values are not going to the database. Can anyone please tell me what could be wrong here? Thanks in advance.
TAKE CARE OF SQL INJECTION first.
Some amount of checking is necessary all the time. At the very least...this one.
if ($mysqli->query($sql)) { /* fine */ } else { /* error: report $mysqli->errno and $mysqli->error */ }
And in the "error" part of above, if you would have included error number and actual message, you yourself might have found the answer.
Main doubt I have is...you have some unique column and the insert did not happen as it did appear in database earlier.
Also, better to use an id int unique auto_increment for several purposes.
Secondly, you should have created $mailstatus and have checked the same and not mysqli for this message.
if ($mailstatus) {
$msg = "Your Request For Membership Registration Sent Successfully";
}

Variable Insert in MySql Query

I am fetching some rows from a MySQL table and, after fetching them, I am inserting them into another database with a similar table. I want a small change in one field of the row: I want to insert a fixed value in it instead of the value that I fetched first.
My current query is like below
while ($row = mysqli_fetch_array($questions))
$cat=1;
{
// escape your strings
foreach($row as $key => $val)
{
$row[$key] = mysqli_real_escape_string($mobcon, $row[$key]);
}
mysqli_query($mobcon, "INSERT INTO `questions` (`option1`, `option2`, `option3`, `option4`, `correctans`, `question_text`, `cat_id`, `sub_cat_id`, `level_id`, `quesimage`) VALUES ('" . $row['option1'] . "', '" . $row['option2'] . "', '" . $row['option3'] . "','" . $row['option4'] . "','" . $row['correctans'] . "','" . $row['question_text'] . "','" . $row['cat_id'] . "','" . $row['sub_cat_id'] . "','" . $row['level_id'] . "','" . $row['quesimage'] . "');");
}
Now, if I want to put the value 1 for $row['cat_id'], what should I change in my code? I have tried to use a variable for it, but it's not working. Thanks.

I want to show an error if duplicates are there in database using php and mysql

I'm trying to show an error while entering duplicates using PHP and MySQL, but I'm not getting how to complete it. Please give a solution.
this is my code:
mysql_query(
"INSERT INTO productcost (product, productCategory, model, purchasePrice, mrp, customerPrice, marginCustomer, dealerPrice, marginDealer)
VALUES ('" . $_POST["product"] . "','" . $_POST["productCategory"] . "','" . $_POST["model"] . "','" . $_POST["purchasePrice"] . "','" . $_POST["mrp"] . "','" . $_POST["customerPrice"] . "','" . $_POST["marginCustomer"] . "','" . $_POST["dealerPrice"] . "', '" . $_POST["marginDealer"] . "')");
$current_id = mysql_insert_id();
if(!empty($current_id)) {
$message = "New Product Added Successfully";
}
}
You have to create a unique key in the productcost table, using unique fields like (product, productCategory, model). Now execute the insert query; if there is already a record in the table, it returns an error. Now you can handle the error and give a message.
// mysql_query() does not throw; it returns FALSE on failure (for example, a duplicate key)
$result = mysql_query("INSERT INTO productcost (product_key_id,product, productCategory,model,purchasePrice, mrp, customerPrice, marginCustomer, dealerPrice, marginDealer)
VALUES
('" . $_POST["created_product_id"] . "','" . $_POST["product"] . "','".$_POST["productCategory"] . "','" . $_POST["model"] . "','".$_POST["purchasePrice"] . "','" . $_POST["mrp"] . "','".$_POST["customerPrice"] . "','" . $_POST["marginCustomer"] . "','".$_POST["dealerPrice"] . "', '" . $_POST["marginDealer"] . "')");
if ($result === FALSE) {
// mysql_errno() is 1062 when the unique key rejected a duplicate row
return FALSE;
}
return TRUE;
Or you can check whether there is a record in the table before the insert:
select count(*) as cc from doc_upload where product_key_id = $_POST["created_product_id"];
To show an error message while entering duplicates:
// First check whether the same data already exists by counting the matching rows
$sqlCheck = "SELECT COUNT(`id`) FROM productcost WHERE product = '" . $_POST["product"] . "' AND productCategory = '" . $_POST["productCategory"] . "' AND model = '" . $_POST["model"] . "'"; // You have to add more things in the WHERE clause
$CheckQuery = mysql_query($sqlCheck);
// mysql_query() returns a result resource, so read the count out of it
$duplicates = (int) mysql_result($CheckQuery, 0);
// if there is no duplicate data
if ($duplicates === 0) {
# code...
mysql_query(
"INSERT INTO productcost (product, productCategory, model, purchasePrice, mrp, customerPrice, marginCustomer, dealerPrice, marginDealer)
VALUES ('" . $_POST["product"] . "','" . $_POST["productCategory"] . "','" . $_POST["model"] . "','" . $_POST["purchasePrice"] . "','" . $_POST["mrp"] . "','" . $_POST["customerPrice"] . "','" . $_POST["marginCustomer"] . "','" . $_POST["dealerPrice"] . "', '" . $_POST["marginDealer"] . "')");
$current_id = mysql_insert_id();
if(!empty($current_id)) {
$message = "New Product Added Successfully";
}
} else {
$message = "Data is Duplicated";
}
Note: I'm giving you an example. This is how you have to check for duplicate data.

Facing issue of single quotes in fckeditor

I want to enter single quotes in the database through FCKeditor, but my code does not work for me.
"insert into $user
(id,question,option1,option2,option3,option4,correctAnswer,category,section,chapter)
VALUES
("
. ",$newstd," .
"','". htmlspecialchars($_POST['FCKeditor0'],ENT_QUOTES) .
"','" . htmlspecialchars($_POST['FCKeditor1'],ENT_QUOTES) .
"','" . htmlspecialchars($_POST['FCKeditor2'],ENT_QUOTES) .
"','" . htmlspecialchars($_POST['FCKeditor3'],ENT_QUOTES) .
"','" . htmlspecialchars($_POST['FCKeditor4'],ENT_QUOTES) .
"','" . htmlspecialchars($_REQUEST['correctans'],ENT_QUOTES) .
"'," . htmlspecialchars($_REQUEST['MyRadio'],ENT_QUOTES) .
"'," . htmlspecialchars($_REQUEST['section'],ENT_QUOTES) .
"'," . htmlspecialchars($_REQUEST['chapter'],ENT_QUOTES) .
")";
Thank You ...
You can use it like this
"insert into $user(id,question,option1,option2,option3,option4,correctAnswer,category,section,chapter)
values
(
'" . $newstd . "',
'" . htmlspecialchars($question1, ENT_QUOTES) . "'
)";
"insert into $user (id,question,option1,option2,option3,option4,correctAnswer,category,section,chapter) VALUES ('$newstd',
'" . htmlspecialchars($question1, ENT_QUOTES) . "',
'" . htmlspecialchars($question2, ENT_QUOTES) . "',
'" . htmlspecialchars($question3, ENT_QUOTES) . "',
'" . htmlspecialchars($question4, ENT_QUOTES) . "',
'" . htmlspecialchars($_REQUEST['correctans'], ENT_QUOTES) . "',
'" . htmlspecialchars($_REQUEST['MyRadio'], ENT_QUOTES) . "',
'" . htmlspecialchars($_REQUEST['section'], ENT_QUOTES) . "',
'" . htmlspecialchars($_REQUEST['chapter'], ENT_QUOTES) . "'
)";
Your query should be like
"insert into $user(id,question,option1,option2,option3,option4,correctAnswer,category,section,chapter)
VALUES
(
'".$newstd."' ,
'" . htmlspecialchars($question1,ENT_QUOTES) ."'
)";
You have a problem with double quotes.
Correct code is
"insert into $user (id,question,option1,option2,option3,option4,correctAnswer,category,section,chapter) VALUES ('$newstd','" . htmlspecialchars($question1, ENT_QUOTES) . "','" . htmlspecialchars($question2, ENT_QUOTES) . "','" . htmlspecialchars($question3, ENT_QUOTES) . "','" . htmlspecialchars($question4, ENT_QUOTES) . "','" . htmlspecialchars($_REQUEST['correctans'], ENT_QUOTES) . "','" . htmlspecialchars($_REQUEST['MyRadio'], ENT_QUOTES) . "','" . htmlspecialchars($_REQUEST['section'], ENT_QUOTES) . "','" . htmlspecialchars($_REQUEST['chapter'], ENT_QUOTES) . "')";
To maintain the readability to the code, you can use it this way
$question1 = htmlspecialchars($question1, ENT_QUOTES);
$question2 = htmlspecialchars($question2, ENT_QUOTES);
$question3 = htmlspecialchars($question3, ENT_QUOTES);
$question4 = htmlspecialchars($question4, ENT_QUOTES);
$correctans = htmlspecialchars($_REQUEST['correctans'], ENT_QUOTES);
$MyRadio = htmlspecialchars($_REQUEST['MyRadio'], ENT_QUOTES);
$section = htmlspecialchars($_REQUEST['section'], ENT_QUOTES);
$chapter = htmlspecialchars($_REQUEST['chapter'], ENT_QUOTES);
"insert into $user (id,question,option1,option2,option3,option4,correctAnswer,category,section,chapter) VALUES (' ','$newstd','$question1','$question2','$question3','$question4','$correctans','$MyRadio','$section','$chapter')";
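The htmlspecialchars answers in the first thread and the FCKeditor answers above both deal with quotes by changing the data before it is stored (with ENT_QUOTES a `'` is saved as `&#039;`). As an added example, not code from any of the posts, bound parameters store the submitted text unchanged and HTML encoding is applied only when the value is printed into a page; PDO with in-memory SQLite, PHP 7.4+, `insertPoster()` and the two-column table are assumptions.

```php
<?php
// Added example with constructed input; in-memory SQLite via PDO so it runs
// offline. With MySQL only the DSN passed to new PDO() changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE poster (id INTEGER PRIMARY KEY, titlepaper TEXT, abtext TEXT)');

// Column names cannot be bound, so they come from a fixed allow-list,
// never from the keys of the submitted form.
const POSTER_COLUMNS = ['titlepaper', 'abtext'];

// insertPoster() is a hypothetical helper name.
function insertPoster(PDO $pdo, array $form): int
{
    // Keep only the known columns that were actually submitted.
    $cols = array_values(array_intersect(POSTER_COLUMNS, array_keys($form)));
    if ($cols === []) {
        throw new InvalidArgumentException('no known columns submitted');
    }
    // One "?" per column; the values are sent separately from the SQL text.
    $marks = implode(',', array_fill(0, count($cols), '?'));
    $sql   = 'INSERT INTO poster (' . implode(',', $cols) . ") VALUES ($marks)";
    $stmt  = $pdo->prepare($sql);
    $stmt->execute(array_map(fn ($c) => $form[$c], $cols));
    return (int) $pdo->lastInsertId();
}

// Constructed submission: quote-heavy text like the abtext value in the
// first question, plus some markup and a field that is not a column.
$form = [
    'titlepaper' => "It's a title",
    'abtext'     => "fdsfdd'fd''fds'f'dsf'ds <b>bold</b>",
    'ignored'    => 'not a column',
];
$id = insertPoster($pdo, $form);

$stmt = $pdo->prepare('SELECT abtext FROM poster WHERE id = ?');
$stmt->execute([$id]);
$stored = $stmt->fetchColumn();

// Compare what the database holds with what was submitted.
var_dump($stored === $form['abtext']);

// Encode at the point where the value is written into HTML as text.
echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), "\n";
```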
