-1

Hello,

I'm having an issue with a MySQL/PHP site I'm working on. I'm new to both. I've seen several posts that were similar or same but was unable to derive a solution based on my code.

I have a form that will submit HTML code to a database. I know the form/php/database works since I've test it with non-code text and it works fine.

An example of the HTML code I'd like to submit is as follows; it will be for a link within an image (the image located on the web).

<a target='new' href='http://www.destination.com><IMG alt='ALT TAG' border='0' src='http://www.imagelocation.com></a><IMG border='0' width='1' height='1' src='http://www.image sourece.com>

The Error reads as follows:

ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'new' href='http://www.destination.com>ALT TAG

Below is the code for the 'add' which contains the form and 'added' which sends to the database.

add.php

<form method="post" action="added.php">
<b>Please enter the catalog item information:</b><br>

<table>
<tr>
	<td>
		<label for="link"><b>Link:</b></label>
	</td>
	<td>
		<input id="link" name="link"  size="100" />
	</td>
</tr>
</table>

<input type="submit" name="submit" value="Add" />
</form>

added.php

<?php

include("connect.php");
	
mysql_select_db("dbase", $con);
	
	$sql="INSERT INTO catalog (link)
	VALUES('$_POST[link]')";

	if (!mysql_query($sql,$con))
	{
	die('ERROR: '. mysql_error());
	}

 if(isset($_POST['submit']))
 {
 	
	echo "<h1>Success!</h1><br>Catalog item has been entered into database.<br><br>";
 	
 }
 else
 {
  header("Location: add.php", 301);
 }  
 
 mysql_close($con)
 
 ?>
3
Contributors
2
Replies
9
Views
8 Years
Discussion Span
Last Post by guru12
0

You should escape ' before adding it to the database.
Use,

$link = mysql_real_escape_string($_POST['link']);
	$sql="INSERT INTO catalog (link)
	VALUES ('$link')";

You got that error because, the opening ' in your query is terminated when it encounters

<a target='

-1

Dear friend

Use the insert code like this

INSERT INTO `tablename` (`id`, `name`) VALUES
(30, '<a href=ww.yahoo.com>Yahoo</a>');

THanks and Regards

Votes + Comments
Its a 2 months old thread. Is it really necessary to bring it up ?
This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.