stripslashes was working just fine till the server upgraded from PHP 5.2 to 5.4. When I add an apostrophe in the field named “Salary” so for an example O’Brien, this is the message sent back to the browser:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘s’, ‘]’)’ at line 3
Here is my PHP below. I’m completely stumped. I hope somebody can help.
The first script is the input page and the 2nd script is the output where I get the error message
[php]<?
//start a session
session_start();
//validate user to see if they are allowed to be here
if ($_SESSION[valid] != "yes") {
header("Location: http://www.localhost/orion/contact_menu.php");
exit;
}
?>
<html>
<head>
<title>Yacht Job Orders Management System</title>
</head>
<body>
<h1>Yacht Job Orders Management System</h1>
<h2><em>Add a Yacht</em></h2>
<form method="post" action="do_addcontact4.php">
<table cellspacing=3 cellpadding=3>
<tr>
<td valign=top>
<table cellspacing=3 cellpadding=5 id="table1">
<tr>
<th>POSITION INFO</th>
<th>CONTACT INFO</th>
</tr>
<tr>
<td valign=top>
<strong>Position Needed:</strong><br>
<input type="text" name="position" size=35 maxlength=50>
<p><strong>Salary:</strong><br>
<input type="text" name="salary" size=35 maxlength=10></p>
<p><strong>Start Date:</strong><br>
<input type="text" name="startdate" size=35 maxlength=10><br>
<i><font size="2">The above field must be filled out <br>in the following format: YYYY-MM-DD</br></font></i></p>
</td>
</tr>
</table>
[/php]
And here’s the 2nd script where there is echo stripslashes:
[code]
[php]<?
$db_name = “database”;
$table_name = “new_joborders”;
$connection = @mysql_connect(“localhost”, “database”, “password”)
or die(mysql_error());
$db = @mysql_select_db($db_name, $connection) or die(mysql_error());
$sql = “INSERT INTO $table_name
(id, position, salary, startdate) VALUES
(’’, ‘$_POST[position]’, ‘$_POST[salary]’, ‘$_POST[startdate]]’)”;
$result = @mysql_query($sql,$connection) or die(mysql_error());
?>
Yacht Job Orders Management System
Add a Contact - Yacht Added
The following information was successfully added to database
|