0

Hi Everyone,

I am facing one problem in inserting query when i am inserting value of textarea in database.

Let me explain whole of this.

i am working as a empoyee form in which form when we insert value of all information regarding leave of that employee . In this form i am inserting value of one textarea which is purpose of leave.
IN this text area(Purpose of Leave) when i put simple value like this

"I have an urgent work " it is working well then. But if i put in this textarea such type of value
" I want to go in brother's marriage"
Then it is giving such type of error

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's marriage','vikas.malviya@dobhaltechnologies.com','2009-04-03')' at line 3


And this is insert query which i am using in this file

$sql =  "INSERT INTO grantleave(id,empid,name,leavetype,fullday,nooffullday,datefrom,dateto,purposeofleave,manager,date)

 VALUES('','$empid','$name' ,'$leavetype','$fullday','$fulldayc','$from','$to','$leaveperpose','$send','$date01')";

if (!mysql_query($sql,$link))

  {

  die('Error: ' . mysql_error());

  }

Here $leaveperpose is that variable which is giving error. when i am putting value in this "I want to go in brother's marriage". But when i am giving just " I have an urgent work" . Then it is not giving any error . What can be reason behind this. Please tell me.

Thanks
Gagan

2
Contributors
3
Replies
5
Views
8 Years
Discussion Span
Last Post by nav33n
0

escape single quotes and forward slashes by using mysql_real_escape_string. This will prevent sql injections as well.
Ie.,

$leavetype = mysql_real_escape_string($leavetype);
$fullday = mysql_real_escape_string($fullday);
// and so on...
0

escape single quotes and forward slashes by using mysql_real_escape_string. This will prevent sql injections as well.
Ie.,

$leavetype = mysql_real_escape_string($leavetype);
$fullday = mysql_real_escape_string($fullday);
// and so on...

Thanks sir,
i resloved this problem with using this mysql_real_escape_string($leavepurpose);

Thank you very much.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.