aquatsr Posted July 3, 2008 Share Posted July 3, 2008 I'm having a little trouble getting my SQL query to go through, I'm not sure if it's a problem with the data I'm sending through or the syntax itself. Here is the query itself written in PHP: $query = "INSERT INTO `movies` (`movie_id`, `title`, `director`, `genre`, `released`, `length`, `language`, `quote`, `description`, `rating`, `property_of`, `date_added`, `available`, `last_borrowed`) VALUES ('', '$movie_title[$j]', '$movie_director[$j]', '$movie_genre[$j]', '$movie_year[$j]', '$movie_length[$j]', '$movie_language[$j]', '$movie_quote[$j]', '$movie_description[$j]', '$movie_rating[$j]', '$property_of', NOW(), '$movie_status[$j]', '')"; $result = mysql_query($query); Here is the data I entered into the form Ocean's ThirteenSteven SoderberghThriller, Crime, Comedy2007122EnglishYou shook Sinatra's hand. You should know better.Danny Ocean again runs the game, so no rough stuff. No one gets hurt. Except for double-crossing Vegas kingpin Willy Bank (Al Pacino). Ocean's crew will hit him where it hurts: in his wallet. On opening night of Bank's posh new casino tower The Bank, every turn of a card and roll of the dice will come up a winner for bettors. And they'll hit him in his pride, making sure the tower doesn't receive a coveted Five Diamond Award. That's just the start of the flimflams. The boys are out to break The Bank. Place your bets!5Yes // Note that I've coded it such that this turns into a 1 or 0My Name and here is the error I get from mysql_error(): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's Thirteen', 'Steven Soderbergh', 'Thriller, Crime, Comedy', '2007', '122', 'Eng' at line 1 My field types are: movie_id int(11) No auto_increment title varchar(150) latin1_swedish_ci No director varchar(150) latin1_swedish_ci No genre varchar(150) latin1_swedish_ci No released int(11) No length int(11) No language varchar(150) latin1_swedish_ci No quote text latin1_swedish_ci No description text latin1_swedish_ci No rating int(11) No property_of text latin1_swedish_ci No date_added timestamp No CURRENT_TIMESTAMP available tinyint(1) No 1 last_borrowed datetime Yes NULL Any help on the nature of this error would be greatly appreciated. Link to comment Share on other sites More sharing options...
Synook Posted July 3, 2008 Share Posted July 3, 2008 The ' in the string (in "Ocean's Thirteen") is making the query fail, you need to mysql_real_escape_string() all your strings before inserting them $query = "INSERT INTO `movies` (`movie_id`, `title`, `director`, `genre`, `released`, `length`, `language`, `quote`, `description`, `rating`, `property_of`, `date_added`, `available`, `last_borrowed`) VALUES ('', '" . mysql_real_escape_string($movie_title[$j]) . "', '" . mysql_real_escape_string($movie_director[$j]) . "', '" . mysql_real_escape_string($movie_genre[$j]) . "', '" . mysql_real_escape_string($movie_year[$j]) . "', '" . mysq;_real_escape_string($movie_length[$j]) . "', '" . mysql_real_escape_string($movie_language[$j]) . "', '" . mysql_real_escape_string('$movie_quote[$j]) . "', '" . mysql_real_escape_string($movie_description[$j]) . "', '" . mysql_real_escape_string($movie_rating[$j]) . "', '" . mysql_real_escape_string($property_of) . "', NOW(), '" . mysql_real_escape_string($movie_status[$j]) . "', '')"; Tedious, but that's the price of security... Link to comment Share on other sites More sharing options...
aquatsr Posted July 3, 2008 Author Share Posted July 3, 2008 Thank you. It's been 3 years since I've done any sort of PHP -> SQL coding. Knew it was something like that. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.