SQL ERROR 1064 - Think it is a single quote error


alqadir
01-04-2006, 11:12 AM
Hi Guys,
I was hoping someone out there can help me out with this SQL error I am having. I am thinking it has something to do with " ' " single quotes. In the code a user can input text into a text box. The data stored in this text box is assigned to a string variable, which is stored in the database via an SQL statement. The code works fine until a " ' " is used in the text box.

Here is the error:


Database error in vBulletin 3.0.4:

Invalid SQL:
INSERT INTO thread(title, lastpost, forumid, open, replycount,
postusername, postuserid, lastposter, dateline, iconid, visible, attach)
VALUES
('[Sell] ADMS 2320 : Statistics for Man't and Econ Edition:6 Keller ISBN: 0-534-39186-9 $80 ', 1135971661, 70,
1, 0, 'ssrashid', 1383,
'ssrashid', 1135971661, 0, 1,
0)

mysql error: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 't and Econ Edition:6 Keller ISBN: 0-534-39186-9 $80 ', 11359

mysql error number: 1064

One solution might be to search the string for the invalid character.
Is there a try catch routine with PHP?

harmor19
01-04-2006, 12:12 PM
Is this from a custom script you made or from vbulletin itself?

alqadir
01-07-2006, 11:29 AM
It is from an Erwin Form to Post hack.

filburt1
01-07-2006, 03:32 PM
Escape quotes in all strings you use in the query. addslashes works but vB's MySQL class also has a method to do it.

Guest190829
01-07-2006, 03:36 PM
vB's class uses:


$db->escape_string($foo)

Paul M
01-07-2006, 03:39 PM
Does that exist in 3.0?

Guest190829
01-07-2006, 03:41 PM
Nope, it was implemented with 3.5. :)
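
Added example, not part of the original thread and not vBulletin's or the hack's own code: it rebuilds the failing INSERT with a shortened copy of the title from the error above, shows the addslashes fix mentioned in the thread, and shows a bound-parameter insert plus the try/catch asked about in the first post. The two-column table, the in-memory SQLite database standing in for MySQL, and all variable names are assumptions made for the illustration.

```php
<?php
// Constructed sample input: shortened title from the error above.
$title = "[Sell] ADMS 2320 : Statistics for Man't and Econ Edition:6";

// Before: the value is pasted straight into the statement. The quote in
// "Man't" ends the string literal early, so the parser chokes on the rest.
$broken = "INSERT INTO thread (title, forumid) VALUES ('$title', 70)";

// Fix named in the thread: escape the value before embedding it.
// addslashes() turns ' into \' which MySQL reads as a literal quote.
// It is not character-set aware, so the connection's own escaping
// function or bound parameters (below) are the safer choice.
$escaped = "INSERT INTO thread (title, forumid) VALUES ('"
         . addslashes($title) . "', 70)";
echo $broken, "\n", $escaped, "\n";

// Assumption: PDO with the pdo_sqlite driver; the table is a stand-in.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE thread (title TEXT, forumid INTEGER)');

// try/catch: the unescaped statement raises a syntax error that can be
// caught and logged instead of being shown to the user.
try {
    $pdo->exec($broken);
} catch (PDOException $e) {
    echo "caught: ", $e->getMessage(), "\n";
}

// The $escaped string is not executed here: backslash escaping is MySQL
// syntax, and the SQLite stand-in expects '' instead.

// Bound parameters: the value travels separately from the SQL text, so
// no quote inside it can change the structure of the statement.
$stmt = $pdo->prepare('INSERT INTO thread (title, forumid) VALUES (?, ?)');
$stmt->execute([$title, 70]);

// Read the row back and confirm the title was stored unchanged.
$stored = $pdo->query('SELECT title FROM thread')->fetchColumn();
var_dump($stored === $title);
```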