i am trying to run this SQL query in PHP:
UPDATE
billing_calldata
SET
status = 'c',
customer = '475',
description = 'UK Mobile VMNO C&W (fw7-C&W)',
customer_cost = '0.00720416666666667',
customer_ac = '0',
customer_sc = '0',
reseller_cost = '0',
reseller_ac = '0',
reseller_sc = '0'
WHERE sequence = 10364723
but it is returning this error:
UPDATE
billing_calldata
SET
status = 'c',
customer = '475',
description = 'UK Mobile VMNO CYou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''UK Mobile VMNO C' at line 1
The description
is UK Mobile VMNO C&W (fw7-C&W)
But the query work fine directly in phpMyAdmin
the query is originating from my vb.net application:
SQL = "UPDATE billing_calldata SET " _
& "status = 'c', " _
& "customer = '" & customer_sequence & "', " _
& "description = '" & description & "', " _
& "customer_cost = '" & customer_cost & "', " _
& "customer_ac = '" & customer_ac & "', " _
& "customer_sc = '" & customer_sc & "', " _
& "reseller_cost = '" & reseller_cost & "', " _
& "reseller_ac = '" & reseller_ac & "', " _
& "reseller_sc = '" & reseller_sc & "' " _
& "WHERE sequence = " & sequence & " "
SQL = "apikey=1nt3gr4&submittedSQL=" + SQL
then i send this in a Post request to a PHP page, which contains the following:
if($_POST["apikey"] <> '' and $_POST["apikey"] == '1nt3gr4' and $_POST["submittedSQL"] <> '') {
$sql = $_POST["submittedSQL"];
mysql_query($sql, $conn) or die(mysql_error());
}
Escape the special characters with real_escape_string :
$description = $mysqli->real_escape_string($description);
then use $description
in the UPDATE
.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.