Hi All
Got a problem where when i try to insert data in to a database which is coming from a form, if there is an apostrephe (i.e words like you'll etc). I get an SQL error like:
You have an error in your SQL syntax near 'sfs.sfj,as f:asfdsa-sadf ', 'London', 'tes', 'not stated', 'tes', 'test')' at line 1
My php code that im using is:
<?
$db_name = "w";
$table_name = "js";
$connection = @mysql_connect("78979", "iiii", "jjjj") or die(mysql_error());
$db = @mysql_select_db($db_name, $connection) or die(mysql_error());
//check for duplicate ref numbers
$sql = "SELECT job_id from $table_name where job_id='$_POST[job_id]'";
$result = @($sql,$connection) or die(mysql_error());
if(@mysql_num_rows($result)>0){
//inform user the job id is already taken
echo "The JOB REFERENCE NUMBER you added is already taken. Please click on the link below to go back and choose a unique field (i.e use letters aswell as numbers).";
echo "<a href='#' onclick='history.back();'><br><br>Go back</a> ";
echo "<a href=jobs_add2.htm><br><br>Add another job</a>";
}else{
$sql = "INSERT INTO $table_name (job_id, contact_name, contact_phone, email, date_posted, job_sector, job_title, job_summary, region, location, job_status, salary, career_level) VALUES ('$POST[job_id]', '$POST[contact_name]', '$POST[contact_phone]', '$POST[email]', '$POST[date_posted]', '$POST[job_sector]','$POST[job_title]', '$POST[job_summary]', '$POST[region]', '$POST[location]', '$POST[job_status]', '$POST[salary]', '$_POST[career_level]')";
echo "Thank you. Your job $job_title has been posted on the talent website.";
$result = @($sql,$connection) or die(mysql_error());
}
?>
Any ideas as this is causing problems with my website. PLEASE!!!
