run query problem

musharaf · September 22nd, 2003, 06:42 AM

Hi,
I need help in INSERT query. i want to insert this data via INSERT query. but the query dont run. neither it displays any error/warning message.
INSERT INTO temp_sale (salepersonid, product_id, cat_id, action_id, prod_name, short_desc, long_desc, picture_url, price) VALUES('5', 'T63-2', '15', '321', '', 'Features a variety of carnations and daisies in a lovely basket. Approximately 20" H x 16" W.', 'The serenity of cattails surrounded by the excitement of blazing blooms. Soothing, thrilling...they'll love the contrast! Features a variety of carnations and daisies in a lovely basket. Approximately 20" H x 16" W.', 'images/HW0_1644.jpg', '45.00')

The PHP code is as follows.
$query2 = "INSERT INTO temp_sale (salepersonid, product_id, cat_id, action_id, prod_name, short_desc, long_desc, picture_url, price) VALUES('" . $saleid . "', '" . $productid . "', '" . $cat_id . "', '" . $action_id . "', '" . $item_name . "', '" . $short_desc . "', '" . $long_desc . "', '" . $picture_url . "', '" . $price . "')";

db_connect($default_dbname);
mysql_query($query2);

FYI, DB connection is OK before running this query i am running a SELECT query successfully. what i guess that a single quote "'" in the data to be inserted is causing problem. Is there any way to insert large data that can contain "'"?
Thanks in advance.

Musharaf Choudhry

richard.york · September 22nd, 2003, 12:32 PM

Try this:

$result = mysql_query($query);

if (empty($result))
{

     echo mysql_error().": ";
     echo mysql_errno()."<br />\n";
     echo $query."<br />\n";

}

See if mysql returns an error from PHP.

I also don't see where your mysql link handler is identified. Is this made an exported global within the db_connect function? If so try specifing the mysql link resource in the query as the second argument for mysql_query($query, $link); I would designate the link resource as a superglobal $GLOBALS["link"] or return its value from db_connect. Then specify it as $link in the second argument. (provided that this script executes in global scope or $GLOBALS["link"] if accessed from within a function or class). Eventhough you say its working fine! If it doesn't spit out an error at mysql_query() then it is likely working fine and is likely an SQL syntax error.

$link = db_connect($default_dbname);

In your first query you need to escape all single quotes using a backslash \' <- like so.
Within PHP however all quotes, single and double should automagically be escaped with the magic quotes directive.

hth
: )
Rich

:::::::::::::::::::::::::::::::::
Smiling Souls
http://www.smilingsouls.net
:::::::::::::::::::::::::::::::::

nikolai · September 22nd, 2003, 02:11 PM

If you don't have the magic quotes directive on, you should use addslashes() and stripslashes() to escape all the special characters in a string, including quotes and other slash characters.

  http://www.php.net/addslashes
  http://www.php.net/stripslashes

If you can't control the PHP configuration for the servers you're writing applications for, then you might want to write a function to handle quote escaping for all servers, regardless of the magic quotes setting.

function escape_string($text)
{
    return get_magic_quotes_gpc()? $text : addslashes($text);
}

If you call this function for ALL strings you're inserting into the database, you're set. It's a little extra overhead, but it allows your script to run on almost any server. I say "almost" because sybase uses an extra single-quote to escape single-quotes, not a backslash.

Take care,

Nik
http://www.bigaction.org/