Muscle error

Question

Maybe I'm doing something wrong? Through the visual editor I try to add an entry to the text field in the database. Here is a piece of code

`

if (@$_POST['save'] ){ $text=$_POST['content1']; $anot=($_POST['anot']); $pole=$_POST['pole']; $titul=$_POST['titul']; if (!$text || !$pole || !$titul) { echo ("Поле не заполнено"); } else { if ( !get_magic_quotes_gpc() ){ $text=stripslashes($text); $anot=stripslashes($anot); $pole=stripslashes($pole); $titul=stripslashes($titul); } $kuda=array(); // определяем название таблицы по ИД $kuda[10]="news"; $kuda[1]="first"; $kuda[6]="stat"; if ($kuda[$id]==1 || $kuda[$id]==6){ //пишем mysql_query("INSERT INTO {$kuda[$id]} (title, nazv, text) VALUES ('{$titul}','{$pole}','{$text}')") or die (mysql_error()); echo " <script type=\"text/javascript\"> alert (\"Данные внесены\"); </script>"; } if ($kuda[10]){ mysql_query("INSERT INTO {$kuda[10]} (title, nazv, anot, text) VALUES ('{$titul}','{$pole}','{$anot}','{$ text}')") or die (mysql_error()); echo " <script type=\"text/javascript\"> alert (\"Данные внесены\"); </script>"; } else echo ("нет такого раздела"); } }

`

It works through time. If the amount of input data is large but swears at all. Writes `

 `You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ом.

What is the problem? already checked and rechecked all that was only ((((((

Dem dem 1,760 8 silver marks 12 bronze marks · Answer 1 · 2011-09-25T06:41:29

Here are the corrected requests, but it seems there is still a matter of logic itself.

 ... $titul = htmlspecialchars($titul); $pole = htmlspecialchars($pole); $text = htmlspecialchars($text); mysql_query('INSERT INTO `' . $kuda[$id] . '`(`title`, `nazv`, `text`) VALUES(\'' . $titul . '\', \'' . $pole . '\', \'' . $text . '\')') or die (mysql_error()); ... $anot = htmlspecialchars($anot); mysql_query('INSERT INTO `' . $kuda[$id] . '`(`title`, `nazv`, `anot`, `text`) VALUES(\'' . $titul . '\', \'' . $pole . '\', \'' . $anot . '\', \'' . $text . '\')') or die (mysql_error());

If you’re on the right side, you’ll find out if you’re on the right side of the syntax to use the "news" (title, nazv, anot, text) VALUES ('.apa.', '. apapap.', '.
After my manipulation, mysql_query ("INSERT INTO '{$ kuda [10]}' (title, nazv, anot, text) VALUES ('. {$ Titul}.', '. {$ Pole}.', \". $ anot. '\', \ ''. $ text. '\') ") or die (mysql_error ());
check the syntax for the right syntax to use the '' news '(title, nazv, anot, text) VALUES (' .apa. ','. apapap. ', \' '. an' at line 1

Answer 2 · 2011-09-25T06:49:43

maybe the problem is this line? or rather in the text variable

 ('{$titul}','{$pole}','{$anot}','{$ text}')") or die (mysql_error());

draev

1,020 6 silver marks 13 bronze marks

And what's wrong? - new_russian_man
from your bit of code: {$ text} - draev
well, there is a gap between the dolar sign and the variable) - draev
there is no space. This seems to be a mess when copying - new_russian_man
ok. In general, to solve this kind of problem, print sql into the browser, copy the query, and execute it directly in the muscle .. During the print, look carefully if all quotes are in place, and if everything is fine .. - draev

|

Answer 3 · 2011-09-25T08:51:36

judging by the description of the error that is being issued to you, you are trying to write to the database a string containing unshielded quotes in the result of which the query collapses. just before writing to the database do:

 $text = mysql_real_escape_string($text);

for all fields of course.

Impy impy 21 1 bronze sign · Answer 4 · 2011-09-27T05:47:56

Why use stripsles, use the regular regular schedule and leave only characters and numbers in a line, for example. And the fact that you work through time, as written above - the query output to the browser. Most likely something is wrong with the request.

Muscle error

4 answers 4

More articles: