Hi,

My host recently upgraded from 3.2353 to 4.1 of MySQL. Ever since then, any text fields that have an apostrophe or single quote cause this error. If we remove it, the SQL processes correctly.

Example: Typing didn't will give the following error, but typing didnt will not.

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near
't show much interest for this idea.

I post the text into the script like this:

$discussions = $_POST["discussions"];
$disc1=stripslashes($discussions); //strip /
$disc2 = nl2br ($disc1); //convert CR to BR


and the relevant SQL is:

UPDATE `Report` SET `Discussions` = '$disc2'  and the rest of the fields.

I even changed the above to

UPDATE `Report` SET `Discussions` = '$discussions'  

but the syntax error persists.

Please let me know how I can solve this. Thanks

    I suggest using:

    $discussions= htmlspecialchars($_POST['discussions']);
    $discussions= stripslashes($discussions);
    $discussions= mysql_real_escape_string($discussions);
    

    This will prepare the string like it should be so you don't get an error and, more importantly, avoid being attacked (To see how go here)...

    And another point: use nl2br to show data from the database to the viewer and not to enter it into the database because when you want to modify it through textarea you will have ugly <br />'s instead of nice white spaces.

    Example:
    a) nl2br input to database:

    Hello,<br />
    <br />
    My name is Jim.<br />
    <br />
    And I want to show you what I mean.<br />
    <br />
    

    b) without nl2br:

    Hello,
    
    My name is Jim.
    
    And I want to show you what I mean.
    
    

    The latter seems easier to modify through textarea, doesn't it?
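An added example, not part of either post: it shows why the apostrophe breaks the interpolated UPDATE, stores the raw text through a parameterized query instead, and applies htmlspecialchars and nl2br only when the text is displayed. The in-memory SQLite table (needs the pdo_sqlite extension), the `id` column, the `WHERE` clause and the sample text are assumptions standing in for the poster's MySQL `Report` table and form input.

```php
<?php
// Constructed sample input: an apostrophe plus a line break, as typed in a textarea.
$discussions = "They didn't show much interest for this idea.\nSecond line.";

// What the original script builds. The apostrophe in "didn't" closes the
// SQL string literal early, so the server tries to parse the rest as SQL.
$interpolated = "UPDATE Report SET Discussions = '$discussions' WHERE id = 1";
echo "Interpolated query text:\n", $interpolated, "\n\n";

// Stand-in database (assumption): SQLite in memory instead of the poster's MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Report (id INTEGER PRIMARY KEY, Discussions TEXT)');
$pdo->exec("INSERT INTO Report (id, Discussions) VALUES (1, '')");

// Parameterized UPDATE: the SQL text is fixed and the value is bound
// separately, so quotes in the input are stored as data, never parsed as SQL.
$update = $pdo->prepare('UPDATE Report SET Discussions = :d WHERE id = :id');
$update->execute([':d' => $discussions, ':id' => 1]);

// Read the row back and confirm the raw text round-trips unchanged.
$select = $pdo->prepare('SELECT Discussions FROM Report WHERE id = :id');
$select->execute([':id' => 1]);
$stored = $select->fetchColumn();
echo "Stored text identical to input: ";
var_dump($stored === $discussions);

// Display time: escape for HTML first, then turn newlines into <br />.
$safe = htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
echo "\nFor the page:\n", nl2br($safe), "\n";

// Edit time: the textarea gets the escaped text without nl2br,
// so the user sees plain line breaks rather than <br /> tags.
echo "\nFor the edit form:\n";
echo '<textarea name="discussions">', $safe, "</textarea>\n";
```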
