pingeyeg

Unusual syntax error towards mysql

Not sure why I am getting this since it has nothing to do with the page it is talking about.  The error I get is:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'll Use Us Again and Again!', 'Basic' )' at line 3

That line on the page it is referring to is:

if ($_SERVER['REQUEST_METHOD'] == "POST") {
glcummins

Can you provide a few lines before and after that point in your script? Additionally, are you including any files (like MySQL connection details) around that point?
pingeyeg

ASKER

This is my sql statement:

$result = mysql_query("INSERT INTO tblAdspace( providerID, strProviderservice, strCompanyname, strOwner, strAddress, strTown, strZipcode, strPhone, str2ndphone, strMobile, strPager, strFax, strEmail, strWebsite, strInbusiness_since, strLicense, strInsured, strBonded, strHours, str24houremerg, strServicesoffered, strOtherservices, strServicearea, strFreeestimate, strWorkguaranteed, strProvidertagline, strAd_size)
VALUES ('',
'$strProviderservice', '$strCompanyname', '$strOwner', '$strAddress', '$strTown', '$strZipcode', '$strPhone', '$str2ndphone', '$strMobile', '$strPager', '$strFax', '$strEmail', '$strWebsite', '$strInbusiness_since', '$strLicense', '$strInsured', '$strBonded', '$strHours', '$str24houremerg', '$strServicesoffered', '$strOtherservices', '$strServicearea', '$strFreeestimate', '$strWorkguaranteed', '$strProvidertagline', '$strAd_size')") or die(mysql_error());

addslashes($strServicesoffered);
addslashes($strOtherservices);
addslashes($strProvidertagline);

The lines before and after my last post are:

<?php

if ($_SERVER['REQUEST_METHOD'] == "POST") {

            $strProviderservice = $_REQUEST['strProviderservice'];
            $strCompanyname = $_REQUEST['strCompanyname'];
            $strOwner = $_REQUEST['strOwner'];
            $strAddress = $_REQUEST['strAddress'];
            $strTown = $_REQUEST['strTown'];
            $strZipcode = $_REQUEST['strZipcode'];
            $strPhone = $_REQUEST['strPhone'];
            $str2ndphone = $_REQUEST['str2ndphone'];
            $strMobile = $_REQUEST['strMobile'];
            $strPager = $_REQUEST['strPager'];
            $strFax = $_REQUEST['strFax'];
            $strEmail = $_REQUEST['strEmail'];
            $strWebsite = $_REQUEST['strWebsite'];
            $strLicense = $_REQUEST['strLicense'];
            $strInsured = $_REQUEST['strInsured'];
            $strBonded = $_REQUEST['strBonded'];
            $strHours = $_REQUEST['strHours'];
            $str24houremerg = $_REQUEST['str24houremerg'];
            $strOtherservices = $_REQUEST['strOtherservices'];
            $strServicearea = $_REQUEST['strServicearea'];
            $strInbusiness_since = $_REQUEST['strInbusiness_since'];
            $strServicesoffered = $_REQUEST['strServicesoffered'];
            $strFreeestimate = $_REQUEST['strFreeestimate'];
            $strWorkguaranteed = $_REQUEST['strWorkguaranteed'];
            $strProvidertagline = $_REQUEST['strProvidertagline'];
            $strAd_size = $_REQUEST['strAd_size'];
ASKER CERTIFIED SOLUTION
glcummins
SOLUTION
When you receive user input to be stored in a database, you should always check the input before processing it. User input can contain problematic or even malicious characters and strings that may damage your data or compromise the security of your application.

For more information on this topic, take a look at http://www.digitalpropulsion.org/Programming/SQL_Injections_in_PHP_with_MySQL
That made a lot of sense, but I am still getting that same error after putting those in.
So that we can see the query that is being attempted, can you make the following change in your code:

$query = "INSERT INTO tblAdspace( providerID, strProviderservice, strCompanyname, strOwner, strAddress, strTown, strZipcode, strPhone, str2ndphone, strMobile, strPager, strFax, strEmail, strWebsite, strInbusiness_since, strLicense, strInsured, strBonded, strHours, str24houremerg, strServicesoffered, strOtherservices, strServicearea, strFreeestimate, strWorkguaranteed, strProvidertagline, strAd_size)
VALUES ('',
'$strProviderservice', '$strCompanyname', '$strOwner', '$strAddress', '$strTown', '$strZipcode', '$strPhone', '$str2ndphone', '$strMobile', '$strPager', '$strFax', '$strEmail', '$strWebsite', '$strInbusiness_since', '$strLicense', '$strInsured', '$strBonded', '$strHours', '$str24houremerg', '$strServicesoffered', '$strOtherservices', '$strServicearea', '$strFreeestimate', '$strWorkguaranteed', '$strProvidertagline', '$strAd_size')";

$result = mysql_query($query) or die("The following query failed:<br />$query<br />The MySQL error was: " . mysql_error());
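
Added example (not part of the original thread or any poster's code): why an apostrophe in a form field produces the syntax error quoted above, why a bare addslashes() call changes nothing, and how a prepared statement avoids both. It assumes PDO with an in-memory SQLite database as a stand-in so it runs without a MySQL server; the table is cut down to three of the thread's columns and the form values are constructed. The same prepare()/execute() calls work with the PDO MySQL driver.

```php
<?php
// Added example: constructed values, reduced column list, in-memory SQLite
// through PDO (assumption: the pdo_sqlite extension is enabled).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tblAdspace (
    providerID INTEGER PRIMARY KEY AUTOINCREMENT,
    strCompanyname TEXT, strProvidertagline TEXT, strAd_size TEXT)');

// Constructed form input; the tagline contains an apostrophe.
$input = [
    'strCompanyname'     => 'Acme Plumbing',
    'strProvidertagline' => "You'll Use Us Again and Again!",
    'strAd_size'         => 'Basic',
];

// 1. addslashes() returns an escaped copy. Calling it without assigning
//    the result leaves the variable exactly as it was.
$tagline = $input['strProvidertagline'];
addslashes($tagline);
echo 'tagline unchanged after bare addslashes(): ';
var_dump($tagline === $input['strProvidertagline']);

// 2. Interpolating the raw value into the SQL text: the apostrophe closes
//    the string literal early and the remainder is parsed as SQL.
$sql = "INSERT INTO tblAdspace (strCompanyname, strProvidertagline, strAd_size)
        VALUES ('{$input['strCompanyname']}', '{$input['strProvidertagline']}', '{$input['strAd_size']}')";
try {
    $pdo->exec($sql);
    echo "interpolated insert: succeeded\n";
} catch (PDOException $e) {
    echo 'interpolated insert failed: ', $e->getMessage(), "\n";
}

// 3. Prepared statement: the SQL text is fixed and the values are bound
//    separately, so quotes in user input never reach the SQL parser.
$stmt = $pdo->prepare('INSERT INTO tblAdspace
    (strCompanyname, strProvidertagline, strAd_size) VALUES (?, ?, ?)');
$stmt->execute(array_values($input));

// Read the row back to confirm the apostrophe was stored intact.
$stored = $pdo->query('SELECT strProvidertagline FROM tblAdspace')->fetchColumn();
echo 'stored tagline: ', $stored, "\n";
echo 'round trip intact: ';
var_dump($stored === $input['strProvidertagline']);
```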