Member Avatar for sarithak

Hi frnds...

from last 3 days i am struggling on same errors...i tried my level best..still i cant get it....this is my code...

$bottomline=stripslashes($_POST['bottomline']);
 or 
if(!file_exists($dir))
mkdir($dir)or die("Filename all ready exits");

when i inserting the data into table or creating directory i am getting error...

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'gdfg/."g;f.f'g;gddfgh',''

this data having (', " ,!,(,),...) this type of symbols...plz solve this problem...


also i am getting in one page output as like this...i checked in database ..in data base also stored in this way..

Venkatesh[B]’[/B]s brother Marthand K Shankar has directed this film with one of the rising stars - Varun Sandesh. Naturally, the film has created good buzz. But the film doesn[B]’[/B]t boast anything new. With wafer thin plotline, the debutant director has tried to completely focus on the comedy and hero’s

Thanks in advance...

  • 2 Contributors
  • 2 Replies
  • 99 Views
  • 3 Days Discussion Span
  • Latest Post Latest Post by sarithak
Member Avatar for sarithak

Please paste the SQL lines.
This is just php.
Additionally for escaping please use
http://ca2.php.net/mysql_real_escape_string

"Filename all ready exits" should be Filename already exists

Thanks for your response...

this is my php & mysql code...plz change this code as correctly...

if(isset($_POST['Submit'])){
$name=mysql_real_escape_string($_POST['name']);
$rating=mysql_real_escape_string($_POST['rating']);
$cast=mysql_real_escape_string($_POST['cast']);
$director=mysql_real_escape_string($_POST['director']);
$producer=mysql_real_escape_string($_POST['producer']);
$punchline=mysql_real_escape_string($_POST['punchline']);
$story=mysql_real_escape_string($_POST['story']);
$artists=mysql_real_escape_string($_POST['artists']);
$technical=mysql_real_escape_string($_POST['technical']);
$feed1=mysql_real_escape_string($_POST['feed1']);
$feed2=mysql_real_escape_string($_POST['feed2']);
$bottomline=mysql_real_escape_string($_POST['bottomline']);
$date=date('y-m-d');
$photo1=mysql_real_escape_string($_FILES['photo1']['name']);
$photo2=mysql_real_escape_string($_FILES['photo2']['name']);
$photo3=mysql_real_escape_string($_FILES['photo3']['name']);
$photo4=mysql_real_escape_string($_FILES['photo4']['name']);
$tphoto1=mysql_real_escape_string($_FILES['photo1']['tmp_name']);
$tphoto2=mysql_real_escape_string($_FILES['photo2']['tmp_name']);
$tphoto3=mysql_real_escape_string($_FILES['photo3']['tmp_name']);
$tphoto4=mysql_real_escape_string($_FILES['photo4']['tmp_name']);
$dir="../../movies/moviereview/$name";
if(!file_exists($dir))
mkdir($dir)or die("Filename all ready exits");
$dir1="$dir"."/"."$photo1" ;
$dir2="$dir"."/"."$photo2" ;
$dir3="$dir"."/"."$photo3" ;
$dir4="$dir"."/"."$photo4" ;
if($photo1!=""){move_uploaded_file($_FILES['photo1']['tmp_name'], $dir1);}
if($photo2!=""){move_uploaded_file($_FILES['photo2']['tmp_name'], $dir2);}
if($photo3!=""){move_uploaded_file($_FILES['photo3']['tmp_name'], $dir3);}
if($photo4!=""){move_uploaded_file($_FILES['photo4']['tmp_name'], $dir4);}
$sql="insert into moviereview values('','$name','$rating','$cast','$director','$producer','$punchline','$story','$artists','$technical','$feed1','$feed2','$bottomline','$date','$photo1','$photo2','$photo3','$photo4')";
mysql_query($sql)or die(mysql_error());

}
?>

i am getting another error ...

error 3:

Filename all ready exitsPHP Warning: mkdir(../../movies/moviereview/sai\'k,jhk\'..;j\') [function.mkdir]: No such file or directory in C:\Domains\teluguflavours.com\wwwroot\admin\movies\reviews.php on line 34

Thanks in advance...

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.