Member Avatar for Stefce

Hello guys i have a big problem over here and and wierd i think, when im trying to add some info into database it works well i have 32 input fields (16 for matches and 16 for match tips) and when i will enter in each some info for ex. asdasdasd it works fine it saves the data into the table but when i will add some football matches like Cobreloa - O'Higgins i get a error

Fatal error: Wrong SQL: INSERT INTO kladilnica VALUES ('', 'StefanRafa', '30', '11422', '02/05/2015', 'Heracles Alm - Groningen', 'Cobreloa - O'Higgins', 'Boavista SC - Cabofriense', 'Equat. Guine - Ghana', 'Ajax - AZ Alkmaar', 'Friburguense - Macae', 'Palmeiras - Ponte Preta', 'Palestino - Nacional M.', '', '', '', '', '', '', '', '', '', 'T1 2+', 'T1 2+', '2 - 3', '2 - 3', '1 - 1 3+', '2 - 3', '0 - 2', '2 - 3', '', '', '', '', '', '', '', '', '184625', '1') Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Higgins', 'Boavista SC - Cabofriense', 'Equat. Guine - Ghana', 'Ajax - AZ Alkmaa' at line 1 in C:\xampp\htdocs\ticket.php on line 308

please someone tell me what is causing this error and how can i fix it thanks very much :)

Edited by Stefce
  • 3 Contributors
  • 3 Replies
  • 309 Views
  • 32 Minutes Discussion Span
  • Latest Post Latest Post by Stefce
Member Avatar for pritaeas

You need to escape the single quotes.

Member Avatar for pixelsoul

It's being caused by Cobreloa - O'Higgins. Try escaping with backslashes like Cobreloa - O\'Higgins. You should be sanatizing your data before inserting it into your database, which includes add backslashes. An example, css-tricks.com has an example function for doing this, which I'm sure is fine to use.
http://css-tricks.com/snippets/php/sanitize-database-inputs/

Member Avatar for Stefce

Thank you for your fast replying but i doesn't quite get it i need just the first one right ? And can i use it like this example ?

$tip1 = htmlentities($_POST['tip1']);

$asd = sanitize($tip1);

cleanInput($asd);
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.