php - MySQL syntax error when long text is entered


I am trying to build a PHP form for MySQL. The problem is that I get an error every time I try to add long text to a field.

The error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '.....' at line 1

The PHP code generating the query is this:

<?php
if ( $_GET['aktion'] == "speichern" ) {
    $title         = $_GET['title'];
    $description   = $_GET['description'];
    $applepart     = $_GET['applepart'];
    $partnumber    = $_GET['partnumber'];
    $productcode   = $_GET['productcode'];
    $compatibility = $_GET['compatibility'];
    $url_bild      = $_GET['url_bild'];
    $price         = $_GET['price'];

    // The raw request values are interpolated straight into the SQL string.
    $sql  = "INSERT INTO adressbuch ";
    $sql .= " SET ";
    $sql .= " title = '$title', ";
    $sql .= " description = '$description', ";
    $sql .= " applepart = '$applepart', ";
    $sql .= " partnumber = '$partnumber', ";
    $sql .= " productcode = '$productcode', ";
    $sql .= " compatibility = '$compatibility', ";
    $sql .= " url_bild = '$url_bild', ";
    $sql .= " price = '$price' ";

    require_once ('konfiguration.php');
    $db_erg = mysql_query($sql) or die("anfrage fehlgeschlagen: " . mysql_error());

    echo '<h1>adresse wurde speichert</h1>';
    echo '<a href="auflistung.php">auflistung anzeigen</a>';
    exit;
}
?>
<form name="" action="" method="get" enctype="text/html">
    <p>title:<br />
    <input type="text" name="title" value="" size="60" /></p>
    <p>description:<br />
    <input type="text" name="description" value="" size="60" /></p>
    <p>applepart:<br />
    <input type="text" name="applepart" value="" size="60" /></p>
    <p>partnumber:<br />
    <input type="text" name="partnumber" value="" size="60" /></p>
    <p>productcode:<br />
    <input type="text" name="productcode" value="" size="60" /></p>
    <p>compatibility:<br />
    <input type="text" name="compatibility" value="" size="60" /></p>
    <p>bild:<br />
    <input type="text" name="url_bild" value="" size="60" /></p>
    <p>price:<br />
    <input type="text" name="price" value="" size="60" /></p>
    <input type="hidden" name="aktion" value="speichern" />
    <input type="submit" name="" value="speichern" />
</form>

Thanks for your help.

Your code is susceptible to SQL injection, and the problem is a hint as to why.

The rule I use is: "never trust data from the user-agent" (i.e. consider anything in $_GET or $_POST as potentially problematic or worse). At a minimum, you should escape these values using mysqli_real_escape_string, or else use a more robust DB framework.
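As an added example (not the asker's or the answerer's code), here is the same adressbuch insert rewritten with a mysqli prepared statement, which is the "more robust" route the answer points to. The connection parameters, the switch to POST and the save_entry function name are assumptions; the column names come from the question.

```php
<?php
// Added example: the adressbuch INSERT with a prepared statement instead of
// string interpolation. Host, user, password and database name are assumed;
// take them from konfiguration.php in a real deployment.
declare(strict_types=1);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // errors become exceptions
$db = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
$db->set_charset('utf8mb4');

// Fixed allow-list of columns; only these names are ever placed in the SQL text.
$columns = ['title', 'description', 'applepart', 'partnumber',
            'productcode', 'compatibility', 'url_bild', 'price'];

function save_entry(mysqli $db, array $columns, array $input): int
{
    // Values travel separately from the statement text, so an apostrophe in
    // "description" can no longer terminate the quoted literal.
    $sql = 'INSERT INTO adressbuch (' . implode(', ', $columns) . ') VALUES ('
         . implode(', ', array_fill(0, count($columns), '?')) . ')';
    $stmt = $db->prepare($sql);

    $values = [];
    foreach ($columns as $col) {
        // A missing field becomes an empty string rather than a PHP notice.
        $values[] = isset($input[$col]) ? (string) $input[$col] : '';
    }
    $stmt->bind_param(str_repeat('s', count($columns)), ...$values);
    $stmt->execute();
    return $stmt->affected_rows;
}

if (($_POST['aktion'] ?? '') === 'speichern') {
    // A description such as "MacBook Pro 13'' (2012)" used to raise
    // "You have an error in your SQL syntax"; it is now stored verbatim.
    $rows = save_entry($db, $columns, $_POST);
    echo '<h1>' . ($rows === 1 ? 'Adresse wurde gespeichert' : 'Fehler') . '</h1>';
    echo '<a href="auflistung.php">Auflistung anzeigen</a>';
}
```

With MYSQLI_REPORT_STRICT enabled, a failed prepare or execute throws a mysqli_sql_exception, so the raw mysql_error() text is never printed to the browser.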
