更新显示错误的表中的字段

Question

I've a customer table i that table in one i need to store data of customer as a text a declare that in db that varchar(1500) while am trying to update that field i getting following erro

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's standard dummy text ever since the 1500s, when an unknown printer took a galle' at line 1"

field name is "comments1 varchar(1500);"

My query is

$sql="UPDATE customer SET comments1='".$comments1."' WHERE sno='$sno'";

how to solve it...

Answer 1

before your query add this code

$comments1=mysql_real_escape_string($comments1);

<----your query goes here--->

Answer 2

According to the error message:

...or the right syntax to use near 's standard dummy text ever since
error starts here ^

Probably you are inserting a value that has single quote ( which breaks the sql statement causing syntax error ) on it. This is an indicator that you have not sanitized the values before inserting it on the database. There are several ways to avoid from sql injection:

• by using PDO
• and the other one: MySQLi .

For more details, please browse on this link.

• How to prevent SQL injection in PHP?

---

you can also use mysql_real_escape_string ( but will soon be deprecated )

$var = mysql_real_escape_string($comments1);
$sql="UPDATE customer SET comments1='$var' WHERE sno='$sno'";

Answer 3

Your comment variable contains single quotes you need to escape them with addslashes function.

Try this

$sql="UPDATE customer SET comments1='".addslashes($comments1)."' WHERE sno='$sno'";

Answer 4

It seems your column name is comments not comments1 . field name is "comments varchar(1500);" so change

$sql="UPDATE customer SET comments1='".$comments1."' WHERE sno='$sno'";

to

 $sql="UPDATE customer SET comments='".$comments1."' WHERE sno='$sno'";

Answer 5

最好尝试使用此函数mysql_real_escape_string（）