Hello, here is my code:
##################
$fname1 = addslashes(trim($HTTP_POST_VARS['fname1']));
$lname1 = addslashes(trim($HTTP_POST_VARS['lname1']));
$fname2 = addslashes(trim($HTTP_POST_VARS['fname2']));
$lname2 = addslashes(trim($HTTP_POST_VARS['lname2']));
print "$fname1 <br>"; //testing purposes
print "$lname2 <br>";
print "$fname2 <br>";
print "$lname2 <br>";
$insert_people = "INSERT INTO people (".
"unique_id, open, fname1, lname1, fname2, lname2,".
"phone1, phone1type, phone2, phone2type, phone3, phone3type,".
"email, address1, address2, city, state, zip,".
"foundout, agegroup, marriagestatus, service, children)".
"VALUES (".
"'$unique_id', '0', '$fname1', '$lname1', '$fname2', '$lname2',".
"'$phone1', '$phone1type', '$phone2', '$phone2type', '$phone3', '$phone3type',".
"'$email', '$address1', '$address2', '$city', '$state', '$zip',".
"'$foundout', '$agegroup', '$marriagestatus', '$service', '$children')";
$mysql_insert = mysql_query($insert_people, $mysql_link)
or die("Bad query: ".mysql_error());
##################
It works wonderfully, as long as a user don't put in a last name like O'Neill or O'Conner or some other funky character.
This is the error message for Joe and Jane O'Conner:
##################
Joe O(slash)'Conner
Jane O(slash)'Conner
Bad query: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'Conner', '0', 'Joe', 'O(slash)'Conner', 'Jane', 'O(slash)'Conner','', 'Home
###################
(btw, vBulletin didn't display the slash, so replace (slash) with a backslash, thanks)
addslashes doesn't seem to fix the problem.
Do you guys have any suggestions?
