I get data from the database and it is entered into the fields: http://i.stack.imgur.com/PZiXG.png

When I click the "Save" button, an error pops up:

Error entering the databaseYou have an error in your SQL syntax; Check out the manual for the right syntax to use near 'Connor, known as Bones - the guy who' at line 1

The method that performs these operations (taking data and changing data):

    protected function obr(){
        // Move the uploaded image (if any) into img/
        if (!empty($_FILES['img_src']['tmp_name'])) {
            if (!move_uploaded_file($_FILES['img_src']['tmp_name'], 'img/'.$_FILES['img_src']['name'])) {
                exit("Не удалось загрузить изображение");
            }
        }
        $img_src = 'img/'.$_FILES['img_src']['name'];

        // Form values are taken from $_POST as submitted
        $id = $_POST['id'];
        $title = $_POST['title'];
        $date = date("Ymd", time());
        $discription = $_POST['discription'];
        $text = $_POST['text'];
        $cat = $_POST['cat'];

        if (empty($title) || empty($text) || empty($discription)) {
            exit("Не заполненны обязательные поля");
        }

        // The values are interpolated directly into the SQL string
        $query = "UPDATE statii SET title='$title',img_src='$img_src',date='$date',text='$text',discription='$discription',cat='$cat' WHERE id='$id'";

        if (!mysql_query($query)) {
            exit("Ошибка ввода в базу данных".mysql_error());
        } else {
            $_SESSION['res'] = "Изменения внесены успешно";
            header("Location:?option=admin");
            exit();
        }
    }

    1 answer

    The easiest way out

     $id = mysql_real_escape_string($_POST['id']);
     $title = mysql_real_escape_string($_POST['title']);
     $date = date("Ymd", time());
     $discription = mysql_real_escape_string($_POST['discription']);
     $text = mysql_real_escape_string($_POST['text']);
     $cat = mysql_real_escape_string($_POST['cat']);
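
The same UPDATE written with a PDO prepared statement, as an added example that is not part of the original question or answer: the values are bound as parameters, so an apostrophe in the text (as in the error message above) can neither break the syntax nor alter the query. The in-memory SQLite database, the column types, the `updateArticle` helper and the sample input are assumptions made so the script runs offline; with MySQL only the DSN passed to `new PDO(...)` changes.

```php
<?php
// Added example: an in-memory SQLite database stands in for the MySQL server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Table and column names come from the question; the column types are assumed.
$pdo->exec("CREATE TABLE statii (
    id INTEGER PRIMARY KEY, title TEXT, img_src TEXT, date TEXT,
    text TEXT, discription TEXT, cat INTEGER)");
$pdo->exec("INSERT INTO statii (id, title) VALUES (1, 'old title')");

// Hypothetical helper: runs the question's UPDATE with bound parameters.
function updateArticle(PDO $pdo, array $in, string $imgSrc): int
{
    $stmt = $pdo->prepare(
        'UPDATE statii
            SET title = :title, img_src = :img_src, date = :date,
                text = :text, discription = :discription, cat = :cat
          WHERE id = :id'
    );
    $stmt->execute([
        ':title'       => $in['title'],
        ':img_src'     => $imgSrc,
        ':date'        => date('Ymd'),
        ':text'        => $in['text'],
        ':discription' => $in['discription'],
        ':cat'         => (int) $in['cat'],
        ':id'          => (int) $in['id'],   // numeric fields are cast, not quoted
    ]);
    return $stmt->rowCount();                // number of rows changed
}

// Constructed input standing in for $_POST; the second value tries to
// close the string literal and append its own SQL.
$post = [
    'id'          => '1',
    'title'       => "O'Connor, known as Bones",
    'discription' => "x', cat='99",
    'text'        => "It's a story about a guy who ...",
    'cat'         => '3',
];

$changed = updateArticle($pdo, $post, 'img/sample.png');
$row = $pdo->query('SELECT title, discription, cat FROM statii WHERE id = 1')
           ->fetch(PDO::FETCH_ASSOC);

echo "rows changed: $changed\n";
print_r($row);   // title and discription are stored verbatim, cat stays 3
```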