Alfraganus Posted December 22, 2015 Share Posted December 22, 2015 when I am inserting normal text (without "/ . , ; ') php is succesfully uploading my data, but if my text contains these characters: /./,;; php is sending this following error SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '['['')' at line 2 , what does it mean and how to overcome it? Link to comment Share on other sites More sharing options...
Ingolme Posted December 22, 2015 Share Posted December 22, 2015 I'd need to see your full SQL query to know what the problem is. It's a syntax error in your SQL. 1 Link to comment Share on other sites More sharing options...
Alfraganus Posted December 22, 2015 Author Share Posted December 22, 2015 here is my full source code: <!DOCTYPE html> <html> <head> <title>uploading a file</title> </head> <body bgcolor="blue"> <form method="post"> <table align="center" width="700" border="2" bgcolor="green"> <tr align="center"> <td align="center"> <td colspan="8"><h2>upload whatever you want mr Alfraganus</h2></td> </td> <tr> <td colspan="8" align="center"><input type="text" name="title" size="60"><b>Title</b></td> </tr> <tr> <td colspan="8"><textarea name="body" cols="80" rows="20"></textarea></td> </tr> <tr> <td colspan="8"><center><input type="submit" name="upload" value="upload the text"> </center></td> </tr> </table> </body> </html> <?php if (isset($_POST['upload'])) { $hostname="localhost"; $username="root"; $password=""; $db_name="alfy"; try { $dbh=new PDO("mysql:host=$hostname;dbname=$db_name", $username,$password); $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $sql= "INSERT INTO tables (title, body) values ('".$_POST["title"]."','".$_POST["body"]."')"; $title=$_POST['title']; $body=$_POST['body']; $sth=$dbh->prepare($sql); $sth->bindvalue(':title', $title, PDO::PARAM_STR); $sth->bindvalue(':body', $body, PDO::PARAM_STR); $sth->execute(); $dbh=null; } catch (PDOexception $e) { echo $e->getMessage(); } } Link to comment Share on other sites More sharing options...
davej Posted December 22, 2015 Share Posted December 22, 2015 It should be... $sql= "INSERT INTO mytablename (title, body) VALUES (:title, :body)"; There is a PDO example towards the bottom of the page here... http://www.w3schools.com/php/php_mysql_prepared_statements.asp Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now