Hi,
I have a problem that lets you add a record to a database. THere is a
problem with it, and the following is the area of the program where it has
problem.
----
$created_date = date('m, d, Y');
$title = strip_tags($title);
$keywords = strip_tags($keywords);
$content = strip_tags($content);
$product = strip_tags($product);
if (!get_magic_quotes_gpc()) {
$title = addslashes($title);
$keywords = addslashes($keywords);
$product = addslashes($product);
$content = addslashes($content);
}
$query = "SELECT * FROM knowledgeBase";
$result = mssql_query($query);
$ID = mssql_num_rows($result);
$ID += 1;
$query2 = "INSERT INTO knowledgeBase(
ID,
Title,
Keywords,
Content,
[Created Date],
[Updated Date],
Product)
VALUES(
'".$ID."',
'".$title."',
'".$keywords."',
'".$content."',
'".$created_date."',
'Never',
'".$product."')";
$result2 = mssql_query($query2);
----
where my $content value is osmethign like this.
"Step 1: Access the homepage
Step 2: type in your username under the field 'username' "
and after the addslashes funciton there would be \ around the 'username'
like this..
\'username\'....and now after running this program I got an error message:
Warning: MS SQL message: Line 14: Incorrect syntax near 'username'.
(severity 15) in d:\apache_docroots\internal.infomart.ca\infodesk\kb_add.php
on line 119
Warning: MS SQL: Query failed in
d:\apache_docroots\internal.infomart.ca\infodesk\kb_add.php on line 119
does any body have any idea? I did the same thing with another problem but
it worked fine. I have no idea what the problem is. I know I need to
addslashes to the string since I am putting it in the valuable
$query2......please advise..
THanks!.
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
