trouble with mySQL INSERT

bfk118

im about to lose it!

1 - I have verified that my variables are being passed to the page

2- mySQL tells me to try this out to insert the code:

$sql = 'INSERT INTO Review SET Reviewer = \'$reviewName$\', Show_Date = \'$YearSelect-$MonthSelect-$DaySelect\', Show_Rating = \'$rating\', Show_Review = \'$review\'';

which runs the INSERT command, but since im using single quotes, it doesnt translate the variables. when i try moving to double quotes, it won't INSERT at all. i have run out of ideas.

any help would be greatly appreciated!

Ben

ir4z0r

$sql = "INSERT INTO Review SET Reviewer = '$reviewName', Show_Date = '" . ($YearSelect - $MonthSelect - $DaySelect) . "', Show_Rating = '$rating', Show_Review = '$review'";

this should work !?

rklapwijk

$showdate = "$YearSelect-$MonthSelect-$DaySelect";
$sql = mysql_query("INSERT INTO Review SET Reviewer = '$reviewName',Show_Date = '$showdate',Show_Rating = '$rating',Show_Review = '$review'");

Make sure you filter out the double quotes in the variables.
When it inserts Show_Review = 'my text " here' it gives a conflict because the MySQL command uses a ". Same goes for ; and some others.

You can try this function to filter stuff:

$review = repchars($review,'review');
$reviewName = repchars($reviewName,'reviewName');

function repchars($var,$name) {
$name = mysql_escape_string(htmlspecialchars(stripslashes($var)));
return $name;
}

bfk118

works like a charm!

turning the date into one variable seemed to do the trick.

you guys are life savers! thanks again!

Ben