Hi All
I'm having a problem with addslashes in PHP. I'm trying to input some data from a form in a previous page which a user fills in. If the user uses characters like ('), I get an error like:
You have an error in your SQL syntax near '\\'ll, 'London', test, 'not stated', test, test' at line 1
I take it the error comes when I added '.
I have used the following code but it still doesn't work.
I'm stuck and need some urgent help:
$job_id = addslashes($_POST['job_id']);
$contact_name = addslashes($_POST['contact_name']);
$contact_phone = addslashes($_POST['contact_phone']);
$email = addslashes($_POST['email']);
$date_posted = addslashes($_POST['date_posted']);
$job_title2 = addslashes($_POST['job_title']);
$job_summary = addslashes($_POST['job_summary']);
$location = addslashes($_POST['location']);
$salary = addslashes($_POST['salary']);
$career_level = addslashes($_POST['career_level']);
if(@mysql_num_rows($result)>0){
//inform user the job id is already taken
echo "The JOB REFERENCE NUMBER you added is already taken. Please click on the link below to go back and choose a unique field (i.e use letters aswell as numbers).";
echo "<a href='#' onclick='history.back();'><br><br>Go back</a> ";
echo "<a href=jobs_add2.htm><br><br>Add another job</a>";
}else{
$sql = "INSERT INTO $table_name (job_id, contact_name, contact_phone, email, date_posted, job_sector, job_title, job_summary, region, location, job_status, salary, career_level) VALUES ($job_id, $contact_name, $contact_phone, $email, $date_posted, '$_POST[job_sector]', $job_title2, $job_summary, '$_POST[region]', $location, '$_POST[job_status]', $salary, $career_level";
echo "Thank you. Your job $job_title has been posted on the talent website.";
$result = @mysql_query($sql,$connection) or die(mysql_error());
}
?>
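
The unquoted-value failure from the post next to a parameterized insert, as an added example that is not part of the original post. It uses PDO with an in-memory SQLite database so it runs offline; the `jobs` table, the reduced column set, the `jobIdTaken`/`addJob` helpers and the `$form` array (constructed data in place of `$_POST`) are assumptions.

```php
<?php
// Added example. $form is constructed data standing in for $_POST; the
// "jobs" table and its four columns are assumptions, not the poster's schema.
$form = [
    'job_id'      => 'J-1001',
    'job_summary' => "We'll train the right person",
    'region'      => 'London',
    'location'    => 'test',
];

$pdo = new PDO('sqlite::memory:');   // in-memory SQLite so the script runs offline
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE jobs (job_id TEXT PRIMARY KEY, job_summary TEXT,
                               region TEXT, location TEXT)');

// 1) Pattern from the post: escaped values spliced into the SQL text with no
//    surrounding quotes, so the parser never sees them as string literals.
$values = implode(', ', array_map('addslashes', $form));
$sql    = "INSERT INTO jobs (job_id, job_summary, region, location) VALUES ($values)";
try {
    $pdo->exec($sql);
} catch (PDOException $e) {
    echo "Spliced query rejected: ", $e->getMessage(), "\n";
}

// 2) Prepared statements: the SQL text is fixed and the driver carries each
//    value separately, so no escaping or quoting is done by hand.
function jobIdTaken(PDO $pdo, string $jobId): bool
{
    $check = $pdo->prepare('SELECT COUNT(*) FROM jobs WHERE job_id = :job_id');
    $check->execute(['job_id' => $jobId]);
    return (int) $check->fetchColumn() > 0;
}

function addJob(PDO $pdo, array $form): bool
{
    if (jobIdTaken($pdo, $form['job_id'])) {
        return false;                      // reference number already used
    }
    $insert = $pdo->prepare('INSERT INTO jobs (job_id, job_summary, region, location)
                             VALUES (:job_id, :job_summary, :region, :location)');
    return $insert->execute($form);
}

var_dump(addJob($pdo, $form));             // first call with this job_id
var_dump(addJob($pdo, $form));             // repeat call with the same job_id
echo $pdo->query('SELECT job_summary FROM jobs')->fetchColumn(), "\n";
```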