[thelist] PHP - Invalid Query

Burhan Khalid thelist at meidomus.com
Sat Jun 12 02:42:34 CDT 2004

Chris Rosser wrote:

> Rob,
> It's tripping up because there's an apostrophe in $message, which MySQL is
> interpreting as a single quote (i.e. it thinks the single quote in "I've" is
> the end of the data for the field).
> You'll need to use addslashes() or similar to escape any single quotes in
> $message before you insert it into the database. Try:
> $sql = "INSERT INTO newsarchive (newssubject, newsarchivetext) VALUES
> ('$subject', '" . addslashes($message) . "')";
> mysql_query($sql, $link) or die ("Invalid query");
There is also mysql_escape_string() which should be used.
Another suggestion would be to change your die() to something like 
die($sql."<br />".mysql_error()); -- atleast then you would know where 
it's failing :)

More information about the thelist mailing list