Facing issue of single quotes in fckeditor - php

I want to enter single quotes in the database through FCKeditor, but my code does not work for me.
"insert into $user
(id,question,option1,option2,option3,option4,correctAnswer,category,section,chapter)
VALUES
("
. ",$newstd," .
"','". htmlspecialchars($_POST['FCKeditor0'],ENT_QUOTES) .
"','" . htmlspecialchars($_POST['FCKeditor1'],ENT_QUOTES) .
"','" . htmlspecialchars($_POST['FCKeditor2'],ENT_QUOTES) .
"','" . htmlspecialchars($_POST['FCKeditor3'],ENT_QUOTES) .
"','" . htmlspecialchars($_POST['FCKeditor4'],ENT_QUOTES) .
"','" . htmlspecialchars($_REQUEST['correctans'],ENT_QUOTES) .
"'," . htmlspecialchars($_REQUEST['MyRadio'],ENT_QUOTES) .
"'," . htmlspecialchars($_REQUEST['section'],ENT_QUOTES) .
"'," . htmlspecialchars($_REQUEST['chapter'],ENT_QUOTES) .
")";
Thank You ...

You can use it like this
"insert into $user(id,question,option1,option2,option3,option4,correctAnswer,category,section,chapter)
values
(
'" . $newstd . "',
'" . htmlspecialchars($question1, ENT_QUOTES) . "'
)"

"insert into $user (id,question,option1,option2,option3,option4,correctAnswer,category,section,chapter) VALUES ('$newstd',
'" . htmlspecialchars($question1, ENT_QUOTES) . "',
'" . htmlspecialchars($question2, ENT_QUOTES) . "',
'" . htmlspecialchars($question3, ENT_QUOTES) . "',
'" . htmlspecialchars($question4, ENT_QUOTES) . "',
'" . htmlspecialchars($_REQUEST['correctans'], ENT_QUOTES) . "',
'" . htmlspecialchars($_REQUEST['MyRadio'], ENT_QUOTES) . "',
'" . htmlspecialchars($_REQUEST['section'], ENT_QUOTES) . "',
'" . htmlspecialchars($_REQUEST['chapter'], ENT_QUOTES) . "'
)";

Your query should be like
"insert into $user(id,question,option1,option2,option3,option4,correctAnswer,category,section,chapter)
VALUES
(
'".$newstd."' ,
'" . htmlspecialchars($question1,ENT_QUOTES) ."'
)";
You have a problem with double quotes

Correct code is
"insert into $user (id,question,option1,option2,option3,option4,correctAnswer,category,section,chapter) VALUES ('$newstd','" . htmlspecialchars($question1, ENT_QUOTES) . "','" . htmlspecialchars($question2, ENT_QUOTES) . "','" . htmlspecialchars($question3, ENT_QUOTES) . "','" . htmlspecialchars($question4, ENT_QUOTES) . "','" . htmlspecialchars($_REQUEST['correctans'], ENT_QUOTES) . "','" . htmlspecialchars($_REQUEST['MyRadio'], ENT_QUOTES) . "','" . htmlspecialchars($_REQUEST['section'], ENT_QUOTES) . "','" . htmlspecialchars($_REQUEST['chapter'], ENT_QUOTES) . "')";

To maintain the readability of the code, you can use it this way
$question1 = htmlspecialchars($question1, ENT_QUOTES);
$question2 = htmlspecialchars($question2, ENT_QUOTES);
$question3 = htmlspecialchars($question3, ENT_QUOTES);
$question4 = htmlspecialchars($question4, ENT_QUOTES);
$correctans = htmlspecialchars($_REQUEST['correctans'], ENT_QUOTES);
$MyRadio = htmlspecialchars($_REQUEST['MyRadio'], ENT_QUOTES);
$section = htmlspecialchars($_REQUEST['section'], ENT_QUOTES);
$chapter = htmlspecialchars($_REQUEST['chapter'], ENT_QUOTES);
"insert into $user (id,question,option1,option2,option3,option4,correctAnswer,category,section,chapter) VALUES (' ','$newstd','$question1','$question2','$question3','$question4','$correctans','$MyRadio','$section','$chapter')";

Related

Database error: Invalid SQL: WHERE id IN (91220,91222,91232,91233,91244,91263,

The SQL below when echoed in the PHP script displays only WHERE id IN (91220,91222,91232,91233,91244,91263,91264,91277)
Please help me find what is wrong with the SQL.
$sql = "UPDATE customers SET customers.name=AES_ENCRYPT('" . self::PII_OBFUSCATE_NAME . "','" . AES_CRYPT_KEY . "')"
. ", address1=AES_ENCRYPT('" . self::PII_OBFUSCATE_ADDRESS1 . "','" . AES_CRYPT_KEY . "')"
. ", day_phone=AES_ENCRYPT('" . self::PII_OBFUSCATE_PHONE . "','" . AES_CRYPT_KEY . "')"
. ", nite_phone=AES_ENCRYPT('" . self::PII_OBFUSCATE_PHONE . "','" . AES_CRYPT_KEY . "')"
. (is_array($customers_to_obfuscate))
? " WHERE id IN (" . implode(",", $customers_to_obfuscate) . ")"
: " WHERE id = '$customers_to_obfuscate'";
You need to check your braces in the ternary operator. It must look as follows:
((is_array($orders_to_obfuscate)) ? " WHERE id IN (" . implode(",", $orders_to_obfuscate) . ")" : " WHERE id = '$orders_to_obfuscate'");
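
The precedence problem from this answer, together with a way to build the same WHERE clause from bound placeholders instead of implode() on raw ids, as an added example that is not part of the original thread. whereIds() is a hypothetical helper, the table rows are constructed, and in-memory SQLite through PDO is an assumption so the script runs offline.

```php
<?php
// Added example; whereIds() is a hypothetical helper, not code from the question.
// Returns the WHERE clause with "?" placeholders plus the values to bind.
function whereIds($ids): array
{
    $ids = is_array($ids) ? array_values($ids) : [$ids];
    foreach ($ids as $id) {
        if (filter_var($id, FILTER_VALIDATE_INT) === false) {
            throw new InvalidArgumentException('id must be an integer');
        }
    }
    if ($ids === []) {
        return [' WHERE 1 = 0', []];   // "IN ()" is invalid SQL, so match no rows
    }
    $marks = implode(',', array_fill(0, count($ids), '?'));
    return [" WHERE id IN ($marks)", array_map('intval', $ids)];
}

// Precedence: "." binds tighter than "?:", so without the outer parentheses the
// whole concatenated string becomes the ternary condition and only a branch is kept.
$ids     = [91220, 91222, 91232];
$broken  = "UPDATE customers SET name = ?" . (is_array($ids)) ? " WHERE id IN (...)" : " WHERE id = ...";
$correct = "UPDATE customers SET name = ?" . ((is_array($ids)) ? " WHERE id IN (...)" : " WHERE id = ...");
echo $broken, "\n", $correct, "\n";

// Constructed table and rows, in-memory SQLite so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO customers VALUES (91220,'a'), (91222,'b'), (91232,'c'), (91233,'d')");

// An array of ids, a single id, and an empty array all go through the same path.
foreach ([$ids, 91233, []] as $target) {
    [$where, $params] = whereIds($target);
    $stmt = $pdo->prepare('UPDATE customers SET name = ?' . $where);
    $stmt->execute(array_merge(['REDACTED'], $params));
    echo trim($where), ' -> rows updated: ', $stmt->rowCount(), "\n";
}
```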

How to insert multiple tables array

I'm trying to insert data from a form into 4 tables. The normal insert finishes, but the data array cannot be queried. Could you help me, please?
Code:
for ($i = 1; $i <= (int)$_POST["hdnCount"]; $i++) {
$sql = "INSERT INTO status_b(emp_id,name_baby,date_baby,status_baby,class,age,id_card_baby,stay) VALUES ('" . $_POST["emp_id$i"] . "','" .
$_POST["name_baby$i"] . "','" .
$_POST["date_baby$i"] . "','" .
$_POST["status_baby$i"] . "','" .
$_POST["class$i"] . "','" .
$_POST["age$i"] . "','" .
$_POST["id_card_baby$i"] . "','" .
$_POST["stay$i"] . "');";
}
$sql = "INSERT INTO personal (st_date,emp_id,emp_date,division,department,sc,name_th,lname_th,blood,name_en, lname_en,per_date,id_card,exp_card,id_fund,date_fund,rate,acc_id,name_bank, m_bank,add_h,district_h,amphoe_h,province_h,add_n,district_n,amphoe_n,province_n, tel_home,tel,images,education,e_major,institution,name_e,tel_e)
VALUES('" . $_POST["st_date"] . "','" .
$_POST["emp_id"] . "','" .
$_POST["emp_date"] . "','" .
$_POST["division"] . "','" .
$_POST["department"] . "','" .
$_POST["sc"] . "','" .
$_POST["name_th"] . "','" .
$_POST["lname_th"] . "','" .
$_POST["blood"] . "','" .
$_POST["name_en"] . "' ,'" .
$_POST["lname_en"] . "','" .
$_POST["per_date"] . "','" .
$_POST["id_card"] . "','" .
$_POST["exp_card"] . "','" .
$_POST["id_fund"] . "','" .
$_POST["date_fund"] . "','" .
$_POST["rate"] . "','" .
$_POST["acc_id"] . "','" .
$_POST["name_bank"] . "' ,'" .
$_POST["m_bank"] . "','" .
$_POST["add_h"] . "','" .
$_POST["district_h"] . "','" .
$_POST["amphoe_h"] . "','" .
$_POST["province_h"] . "','" .
$_POST["add_n"] . "','" .
$_POST["district_n"] . "','" .
$_POST["amphoe_n"] . "','" .
$_POST["province_n"] . "' ,'" .
$_POST["tel_home"] . "','" .
$_POST["tel"] . "','" .
$_POST["images"] . "','" .
$_POST["education"] . "','" .
$_POST["e_major"] . "','" .
$_POST["institution"] . "','" .
$_POST["name_e"] . "','" .
$_POST["tel_e"] . "');";
$sql .= "INSERT INTO status (name_m,lname_m,date_m,id_card_m,date_r,location,tel_m,status,mary,num_baby)
VALUES
('" . $_POST["name_m"] . "','" .
$_POST["lname_m"] . "','" .
$_POST["date_m"] . "','" .
$_POST["id_card_m"] . "','" .
$_POST["date_r"] . "','" .
$_POST["location"] . "','" .
$_POST["tel_m"] . "','" .
$_POST["status"] . "','" .
$_POST["mary"] . "','" .
$_POST["num_baby"] . "');";
$sql .= "INSERT INTO tax (f_name,f_id,f_date,claim_f,mf_name,mf_id,mf_date,claim_mf,mm_name,
mm_id,mm_date,claim_mm,insurance,num_in,insurance_l,num_inl,unit,num_un,interest,
num_int,support,num_su,donate,num_do,buy,num_b,other,num_o)
VALUES
('" . $_POST["f_name"] . "','" .
$_POST["f_id"] . "','" .
$_POST["f_date"] . "','" .
$_POST["claim_f"] . "','" .
$_POST["mf_name"] . "','" .
$_POST["mf_id"] . "','" .
$_POST["mf_date"] . "','" .
$_POST["claim_mf"] . "','" .
$_POST["mm_name"] . "','" .
$_POST["mm_id"] . "','" .
$_POST["mm_date"] . "','" .
$_POST["claim_mm"] . "','" .
$_POST["insurance"] . "','" .
$_POST["num_in"] . "','" .
$_POST["insurance_l"] . "','" .
$_POST["num_inl"] . "','" .
$_POST["unit"] . "','" .
$_POST["num_un"] . "','" .
$_POST["interest"] . "','" .
$_POST["num_int"] . "','" .
$_POST["support"] . "','" .
$_POST["num_su"] . "','" .
$_POST["donate"] . "','" .
$_POST["num_do"] . "','" .
$_POST["buy"] . "','" .
$_POST["num_b"] . "','" .
$_POST["other"] . "','" .
$_POST["num_o"] . "');";
if (mysqli_multi_query($conn, $sql)) {
echo "New records created successfully";
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
mysqli_close($conn);

Mysql and Php (Could not enter data)

I need assistance with what might be causing this error. I get this error every time I have single inverted commas in the data I am trying to post to the database (field name: abtext).
Error message:
Could not enter data: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'dsf'ds'f'ds'fds'f'ds'f'dsfds','fdsfdd'fd''fds'f'dsf'ds fd 'fds'f'df'ds ds''fd'sf' at line 3
Data entered to the db:
field name: (abtext) of type text
data entered on the field=
fdsfdd'fd''fds'f'dsf'ds fd 'fds'f'df'ds ds''fd'sf'ds'f'dsfds'sdf
My insert code:
$sql = "INSERT INTO poster
(titlepaper,abtext,authorTitle1,authorName1,authorIntials1,authorSurname1,authorJt1,authorcompany1,authoremail1,authornumber1,presenting1,additional,authorTitle2,authorName2,authorIntials2,authorSurname2,authorJt2,authorcompany2,authoremail2,authornumber2,presenting2,correspondence,authorTitle3,authorName3,authorIntials3,authorSurname3,authorJt3,authorcompany3,authoremail3,authornumber3,presenting3)
VALUES ('$titlepaper','$abtext','$authorTitle1','$authorName1','$authorIntials1','$authorSurname1','$authorJt1','$authorcompany1','$authoremail1','$authornumber1','$presenting1','$additional','$authorTitle2','$authorName2','$authorIntials2','$authorSurname2','$authorJt2','$authorcompany2','$authoremail2','$authornumber2','$presenting2','$correspondence','$authorTitle3','$authorName3','$authorIntials3','$authorSurname3','$authorJt3','$authorcompany3','$authoremail3','$authornumber3','$presenting3')";
mysql_select_db('database');
$retval = mysql_query( $sql, $conn );
if(! $retval ) {
die('Could not enter data: ' . mysql_error());
}
Your help will be much appreciated.
Try this,
$sql = " INSERT INTO poster(titlepaper,abtext,authorTitle1,authorName1,authorIntials1,authorSurname1,authorJt1,authorcompany1,authoremail1,authornumber1,presenting1,additional,authorTitle2,authorName2,authorIntials2,authorSurname2,authorJt2,authorcompany2,authoremail2,authornumber2,presenting2,correspondence,authorTitle3,authorName3,authorIntials3,authorSurname3,authorJt3,authorcompany3,authoremail3,authornumber3,presenting3)
VALUES ('" . mysql_escape_string($titlepaper) . "','" . mysql_escape_string($abtext) . "','" . mysql_escape_string($authorTitle1) . "','" . mysql_escape_string($authorName1) . "','" . mysql_escape_string($authorIntials1) . "','" . mysql_escape_string($authorSurname1) . "','" . mysql_escape_string($authorJt1) . "','" . mysql_escape_string($authorcompany1) . "','" . mysql_escape_string($authoremail1) . "','" . mysql_escape_string($authornumber1) . "','" . mysql_escape_string($presenting1) . "','" . mysql_escape_string($additional) . "','" . mysql_escape_string($authorTitle2) . "','" . mysql_escape_string($authorName2) . "','" . mysql_escape_string($authorIntials2) . "','" . mysql_escape_string($authorSurname2) . "','" . mysql_escape_string($authorJt2) . "','" . mysql_escape_string($authorcompany2) . "','" . mysql_escape_string($authoremail2) . "','" . mysql_escape_string($authornumber2) . "','" . mysql_escape_string($presenting2) . "','" . mysql_escape_string($correspondence) . "','" . mysql_escape_string($authorTitle3) . "','" . mysql_escape_string($authorName3) . "','" . mysql_escape_string($authorIntials3) . "','" . mysql_escape_string($authorSurname3) . "','" . mysql_escape_string($authorJt3) . "','" . mysql_escape_string($authorcompany3) . "','" . mysql_escape_string($authoremail3) . "','" . mysql_escape_string($authornumber3) . "','" . mysql_escape_string($presenting3) . "')";
mysql_select_db('database');
$retval = mysql_query($sql, $conn);
if (!$retval) {
die('Could not enter data: ' . mysql_error());
}
I have changed the insert area of the insert command. I used mysql_escape_string for escaping unwanted characters in the insertion variables.
$sql = "INSERT INTO individual
(titlepaper,abtext,authorTitle1,authorName1,authorIntials1,authorSurname1,authorJt1,authorcompany1,authoremail1,authornumber1,presenting1,additional)
VALUES ('". mysql_escape_string($titlepaper) . "','" . mysql_escape_string($abtext) . "','" . mysql_escape_string($authorTitle1) . "','" . mysql_escape_string($authorName1) . "','" . mysql_escape_string($authorIntials1) . "','" . mysql_escape_string($authorSurname1) . "','" . mysql_escape_string($authorJt1) . "','" . mysql_escape_string($authorcompany1) ."','" . mysql_escape_string($authoremail1) . "','" . mysql_escape_string($authornumber1) . "','" . mysql_escape_string($presenting1) . "','" . mysql_escape_string($additional) . "')";
This worked! THANKS A LOT GUYS, MUCH APPRECIATED!
Please try using: htmlspecialchars($abtext)
so your SQL query would be like:
$sql = "INSERT INTO poster
(titlepaper,abtext,authorTitle1,authorName1,authorIntials1,authorSurname1,
authorJt1,authorcompany1,authoremail1,authornumber1,presenting1,additional,
authorTitle2,authorName2,authorIntials2,authorSurname2,authorJt2,authorcompany2,
authoremail2,authornumber2,presenting2,correspondence,authorTitle3,authorName3,
authorIntials3,authorSurname3,authorJt3,authorcompany3,authoremail3,
authornumber3,presenting3)
VALUES
('$titlepaper','" . htmlspecialchars($abtext) . "','$authorTitle1','$authorName1',
'$authorIntials1','$authorSurname1','$authorJt1','$authorcompany1',
'$authoremail1','$authornumber1','$presenting1','$additional',
'$authorTitle2','$authorName2','$authorIntials2','$authorSurname2',
'$authorJt2','$authorcompany2','$authoremail2','$authornumber2',
'$presenting2','$correspondence','$authorTitle3','$authorName3',
'$authorIntials3','$authorSurname3','$authorJt3','$authorcompany3',
'$authoremail3','$authornumber3','$presenting3')";
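
The quoting problem in this thread and in the FCKeditor question at the top of the page, shown with bound parameters, as an added example that is not part of any answer here. It assumes PDO with an in-memory SQLite database so it runs offline (with MySQL only the connection string changes); the table poster_demo and the input strings are constructed.

```php
<?php
// Added example: pass the text as a bound parameter instead of building the SQL string.
// Assumptions: in-memory SQLite via PDO; table name and sample values are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE poster_demo (id INTEGER PRIMARY KEY, titlepaper TEXT, abtext TEXT)');

// Constructed input with the kind of quotes seen in the error message above.
$titlepaper = "O'Reilly's <b>poster</b>";
$abtext     = "fdsfdd'fd''fds'f'dsf'ds";

// 1. String concatenation: the first quote in the data ends the SQL literal early,
//    so the statement no longer parses (or parses as something else).
try {
    $pdo->exec("INSERT INTO poster_demo (titlepaper, abtext) VALUES ('$titlepaper', '$abtext')");
    echo "concatenated insert: accepted\n";
} catch (PDOException $e) {
    echo "concatenated insert failed: ", $e->getMessage(), "\n";
}

// 2. Prepared statement: the values travel separately from the SQL text,
//    so quotes need no escaping and the data is stored unchanged.
$stmt = $pdo->prepare(
    'INSERT INTO poster_demo (titlepaper, abtext) VALUES (:titlepaper, :abtext)'
);
$stmt->execute([':titlepaper' => $titlepaper, ':abtext' => $abtext]);

$row = $pdo->query('SELECT titlepaper, abtext FROM poster_demo')->fetch(PDO::FETCH_ASSOC);
// Compare what was stored with what was submitted.
var_dump($row['abtext'] === $abtext);

// 3. htmlspecialchars() is HTML output encoding. Applied before the insert it changes
//    the stored data (quotes become entities); applied here it protects the page.
echo 'stored if encoded first: ', htmlspecialchars($abtext, ENT_QUOTES, 'UTF-8'), "\n";
echo 'encoded at display time: ', htmlspecialchars($row['titlepaper'], ENT_QUOTES, 'UTF-8'), "\n";
```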

I want to show an error if duplicates are there in database using php and mysql

I'm trying to show an error while entering duplicates using PHP and MySQL, but I'm not getting how to complete it. Please give a solution.
this is my code:
mysql_query(
"INSERT INTO productcost (product, productCategory, model, purchasePrice, mrp, customerPrice, marginCustomer, dealerPrice, marginDealer)
VALUES ('" . $_POST["product"] . "','" . $_POST["productCategory"] . "','" . $_POST["model"] . "','" . $_POST["purchasePrice"] . "','" . $_POST["mrp"] . "','" . $_POST["customerPrice"] . "','" . $_POST["marginCustomer"] . "','" . $_POST["dealerPrice"] . "', '" . $_POST["marginDealer"] . "')");
$current_id = mysql_insert_id();
if(!empty($current_id)) {
$message = "New Product Added Successfully";
}
}
You have to create a unique key in the productcost table, using unique fields like (product, productCategory, model). Now execute the insert query; if there is a record in the table, it returns an error. Now you can handle the error and give a message.
try {
// mysql_query() returns FALSE on failure (for example a duplicate key) instead of throwing
$ok = mysql_query("INSERT INTO productcost (product_key_id,product, productCategory,model,purchasePrice, mrp, customerPrice, marginCustomer, dealerPrice, marginDealer)
VALUES
('" . $_POST["created_product_id"] . "','" . $_POST["product"] . "','".$_POST["productCategory"] . "','" . $_POST["model"] . "','".$_POST["purchasePrice"] . "','" . $_POST["mrp"] . "','".$_POST["customerPrice"] . "','" . $_POST["marginCustomer"] . "','".$_POST["dealerPrice"] . "', '" . $_POST["marginDealer"] . "')");
if ($ok === false) {
throw new Exception(mysql_error());
}
return TRUE;
}
catch (Exception $e) {
return FALSE;
}
Or you can check whether there is a record in the table before the insert:
select count(*) as cc from doc_upload where product_key_id = $_POST["created_product_id"];
To show an error message while entering duplicates:
// First check whether the same data is already present, using a query that counts the rows
$sqlCheck = "SELECT COUNT(`id`) FROM productcost WHERE product = '" . $_POST["product"] . "' AND productCategory = '" . $_POST["productCategory"] . "' AND model = '" . $_POST["model"] . "'"; // You have to add more things in the where clause
$CheckQuery = mysql_query($sqlCheck);
// mysql_query() returns a result resource, so read the count from its first row
$count = (int) mysql_result($CheckQuery, 0);
// if there is no duplicate data
if ($count == 0) {
# code...
mysql_query(
"INSERT INTO productcost (product, productCategory, model, purchasePrice, mrp, customerPrice, marginCustomer, dealerPrice, marginDealer)
VALUES ('" . $_POST["product"] . "','" . $_POST["productCategory"] . "','" . $_POST["model"] . "','" . $_POST["purchasePrice"] . "','" . $_POST["mrp"] . "','" . $_POST["customerPrice"] . "','" . $_POST["marginCustomer"] . "','" . $_POST["dealerPrice"] . "', '" . $_POST["marginDealer"] . "')");
$current_id = mysql_insert_id();
if(!empty($current_id)) {
$message = "New Product Added Successfully";
}
} else {
$message = "Data is Duplicated";
}
Note: I'm giving you an example. This is how you have to check for duplicate data.
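
The unique-key approach from the first answer, as an added example that is not code from either answer. Letting the database reject the second row avoids the gap between a SELECT COUNT check and the INSERT, where two requests can both pass the check. Assumptions: PDO with in-memory SQLite so it runs offline, a reduced column list, the hypothetical helper addProduct(), and constructed form input.

```php
<?php
// Added example, not code from the answers. Constructed schema and input;
// in-memory SQLite is an assumption so the script runs without a server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE productcost (
    id INTEGER PRIMARY KEY,
    product TEXT NOT NULL,
    productCategory TEXT NOT NULL,
    model TEXT NOT NULL,
    purchasePrice NUMERIC,
    UNIQUE (product, productCategory, model)
)');

// addProduct() is a hypothetical helper; it returns the message to show the user.
function addProduct(PDO $pdo, array $in): string
{
    $stmt = $pdo->prepare(
        'INSERT INTO productcost (product, productCategory, model, purchasePrice)
         VALUES (:product, :productCategory, :model, :purchasePrice)'
    );
    try {
        $stmt->execute([
            ':product'         => $in['product'],
            ':productCategory' => $in['productCategory'],
            ':model'           => $in['model'],
            ':purchasePrice'   => $in['purchasePrice'],
        ]);
    } catch (PDOException $e) {
        // SQLSTATE class 23 is an integrity constraint violation. With MySQL,
        // $e->errorInfo[1] === 1062 singles out the duplicate-key case.
        if (strncmp((string) $e->getCode(), '23', 2) === 0) {
            return 'Data is Duplicated';
        }
        throw $e; // anything else is a real failure, not a duplicate
    }
    return 'New Product Added Successfully';
}

// Constructed form input, submitted twice; the quote in "Men's" needs no escaping.
$form = ['product' => 'Pump', 'productCategory' => "Men's", 'model' => 'X1', 'purchasePrice' => '120.50'];
echo addProduct($pdo, $form), "\n";
echo addProduct($pdo, $form), "\n";
echo $pdo->query('SELECT COUNT(*) FROM productcost')->fetchColumn(), " row(s) stored\n";
```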

I just can't find the syntax error in this SQL query

Can you tell me what is wrong with this query? I just can't find the error, this is driving me insane.
<?php
$query = "INSERT INTO atable (fortlaufend, vorname, nachname, land, email, caption1, caption2, caption3, caption4, caption5, datum)
VALUES (NULL,
" . mysql_real_escape_string($_POST[vorname]) . ",
" . mysql_real_escape_string($_POST[nachname]) . ",
" . mysql_real_escape_string($_POST[land]) . ",
" . mysql_real_escape_string($_POST[email]) . ",
" . mysql_real_escape_string($_POST[caption1]) . ",
" . mysql_real_escape_string($_POST[caption2]) . ",
" . mysql_real_escape_string($_POST[caption3]) . ",
" . mysql_real_escape_string($_POST[caption4]) . ",
" . mysql_real_escape_string($_POST[caption5]) . ",
CURRENT_TIMESTAMP)";
?>
'fortlaufend' is the primary index with AUTO_INCREMENT. The mysql_error is
Invalid query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'name, last name, country, email, What makes this photo special to you?, Wha' at line 3
Thank you!
You need single quotes for non-integer values.
<?php
$query = "INSERT INTO atable (fortlaufend, vorname, nachname, land, email, caption1, caption2, caption3, caption4, caption5, datum)
VALUES (NULL,
'" . mysql_real_escape_string($_POST[vorname]) . "',
'" . mysql_real_escape_string($_POST[nachname]) . "',
'" . mysql_real_escape_string($_POST[land]) . "',
'" . mysql_real_escape_string($_POST[email]) . "',
'" . mysql_real_escape_string($_POST[caption1]) . "',
'" . mysql_real_escape_string($_POST[caption2]) . "',
'" . mysql_real_escape_string($_POST[caption3]) . "',
'" . mysql_real_escape_string($_POST[caption4]) . "',
'" . mysql_real_escape_string($_POST[caption5]) . "',
CURRENT_TIMESTAMP)";
?>
You haven't used quotes in your query.
<?php
$query = "INSERT INTO atable (fortlaufend, vorname, nachname, land, email, caption1, caption2, caption3, caption4, caption5, datum)
VALUES (NULL,
'" . mysql_real_escape_string($_POST[vorname]) . "',
'" . mysql_real_escape_string($_POST[nachname]) . "',
'" . mysql_real_escape_string($_POST[land]) . "',
'" . mysql_real_escape_string($_POST[email]) . "',
'" . mysql_real_escape_string($_POST[caption1]) . "',
'" . mysql_real_escape_string($_POST[caption2]) . "',
'" . mysql_real_escape_string($_POST[caption3]) . "',
'" . mysql_real_escape_string($_POST[caption4]) . "',
'" . mysql_real_escape_string($_POST[caption5]) . "',
CURRENT_TIMESTAMP)";
?>
