pingeyeg
asked on
Unusual syntax error towards mysql
Not sure why I am getting this since it has nothing to do with the page it is talking about. The error I get is:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'll Use Us Again and Again!', 'Basic' )' at line 3
That line on the page it is referring to is:
if ($_SERVER['REQUEST_METHOD'] == "POST") {
Can you provide a few lines before and after that point in your script? Additionally, are you including any files (like MySQL connection details) around that point?
ASKER
This is my sql statement:
$result = mysql_query("INSERT INTO tblAdspace( providerID, strProviderservice, strCompanyname, strOwner, strAddress, strTown, strZipcode, strPhone, str2ndphone, strMobile, strPager, strFax, strEmail, strWebsite, strInbusiness_since, strLicense, strInsured, strBonded, strHours, str24houremerg, strServicesoffered, strOtherservices, strServicearea, strFreeestimate, strWorkguaranteed, strProvidertagline, strAd_size)
VALUES ('',
'$strProviderservice', '$strCompanyname', '$strOwner', '$strAddress', '$strTown', '$strZipcode', '$strPhone', '$str2ndphone', '$strMobile', '$strPager', '$strFax', '$strEmail', '$strWebsite', '$strInbusiness_since', '$strLicense', '$strInsured', '$strBonded', '$strHours', '$str24houremerg', '$strServicesoffered', '$strOtherservices', '$strServicearea', '$strFreeestimate', '$strWorkguaranteed', '$strProvidertagline', '$strAd_size')") or die(mysql_error());
addslashes($strServicesoffered);
addslashes($strOtherservices);
addslashes($strProvidertagline);
The lines before and after my last post are:
<?php
if ($_SERVER['REQUEST_METHOD'] == "POST") {
$strProviderservice = $_REQUEST['strProviderservice'];
$strCompanyname = $_REQUEST['strCompanyname'];
$strOwner = $_REQUEST['strOwner'];
$strAddress = $_REQUEST['strAddress'];
$strTown = $_REQUEST['strTown'];
$strZipcode = $_REQUEST['strZipcode'];
$strPhone = $_REQUEST['strPhone'];
$str2ndphone = $_REQUEST['str2ndphone'];
$strMobile = $_REQUEST['strMobile'];
$strPager = $_REQUEST['strPager'];
$strFax = $_REQUEST['strFax'];
$strEmail = $_REQUEST['strEmail'];
$strWebsite = $_REQUEST['strWebsite'];
$strLicense = $_REQUEST['strLicense'];
$strInsured = $_REQUEST['strInsured'];
$strBonded = $_REQUEST['strBonded'];
$strHours = $_REQUEST['strHours'];
$str24houremerg = $_REQUEST['str24houremerg'];
$strOtherservices = $_REQUEST['strOtherservices'];
$strServicearea = $_REQUEST['strServicearea'];
$strInbusiness_since = $_REQUEST['strInbusiness_since'];
$strServicesoffered = $_REQUEST['strServicesoffered'];
$strFreeestimate = $_REQUEST['strFreeestimate'];
$strWorkguaranteed = $_REQUEST['strWorkguaranteed'];
$strProvidertagline = $_REQUEST['strProvidertagline'];
$strAd_size = $_REQUEST['strAd_size'];
When you receive user input to be stored in a database, you should always check the input before processing it. User input can contain problematic or even malicious characters and strings that may damage your data or compromise the security of your application.
For more information on this topic, take a look at http://www.digitalpropulsion.org/Programming/SQL_Injections_in_PHP_with_MySQL
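The failure in this thread, reproduced as an added example that is not part of the original posts: `addslashes()` returns the escaped string rather than changing its argument, so calling it and discarding the result leaves the apostrophe in place, while a prepared statement keeps the value out of the SQL text altogether. It assumes PDO with an in-memory SQLite database so it runs offline (with MySQL only the DSN would change), a table cut down to three of the thread's columns, and constructed sample values.

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tblAdspace (
    providerID INTEGER PRIMARY KEY AUTOINCREMENT,
    strCompanyname TEXT, strProvidertagline TEXT, strAd_size TEXT)');

// Constructed form input: a tagline containing an apostrophe, as in the error text.
$post = [
    'strCompanyname'     => "O'Brien Plumbing",
    'strProvidertagline' => "You'll Use Us Again and Again!",
    'strAd_size'         => 'Basic',
];

// 1) The thread's pattern: the return value of addslashes() is thrown away,
//    so $tagline is unchanged and the quote still ends the SQL string early.
$tagline = $post['strProvidertagline'];
addslashes($tagline);
$concatenated = "INSERT INTO tblAdspace (strProvidertagline) VALUES ('$tagline')";
echo "String-built query, never executed here:\n$concatenated\n\n";

// 2) Prepared statement: the SQL text contains only placeholders, and each
//    value is bound separately, so quotes in the data cannot alter the query.
$columns = ['strCompanyname', 'strProvidertagline', 'strAd_size'];
$sql = sprintf(
    'INSERT INTO tblAdspace (%s) VALUES (%s)',
    implode(', ', $columns),
    implode(', ', array_map(fn($c) => ":$c", $columns))
);
$stmt = $pdo->prepare($sql);
foreach ($columns as $c) {
    $value = $post[$c] ?? '';
    // Input check before storage; the 255-character limit is an assumed rule.
    if (strlen($value) > 255) {
        throw new InvalidArgumentException("$c is too long");
    }
    $stmt->bindValue(":$c", $value, PDO::PARAM_STR);
}
$stmt->execute();

// The stored tagline is byte-for-byte what was submitted, apostrophe included.
$row = $pdo->query('SELECT * FROM tblAdspace')->fetch(PDO::FETCH_ASSOC);
echo "Stored tagline: {$row['strProvidertagline']}\n";
var_dump($row['strProvidertagline'] === $post['strProvidertagline']);
```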
ASKER
That made a lot of sense, but I am still getting that same error after putting those in.
So that we can see the query that is being attempted, can you make the following change in your code:
$query = "INSERT INTO tblAdspace( providerID, strProviderservice, strCompanyname, strOwner, strAddress, strTown, strZipcode, strPhone, str2ndphone, strMobile, strPager, strFax, strEmail, strWebsite, strInbusiness_since, strLicense, strInsured, strBonded, strHours, str24houremerg, strServicesoffered, strOtherservices, strServicearea, strFreeestimate, strWorkguaranteed, strProvidertagline, strAd_size)
VALUES ('',
'$strProviderservice', '$strCompanyname', '$strOwner', '$strAddress', '$strTown', '$strZipcode', '$strPhone', '$str2ndphone', '$strMobile', '$strPager', '$strFax', '$strEmail', '$strWebsite', '$strInbusiness_since', '$strLicense', '$strInsured', '$strBonded', '$strHours', '$str24houremerg', '$strServicesoffered', '$strOtherservices', '$strServicearea', '$strFreeestimate', '$strWorkguaranteed', '$strProvidertagline', '$strAd_size')";
$result = mysql_query($query) or die("The following query failed:<br />$query<br />The MySQL error was: " . mysql_error());