-2

I am having an error and I am not able to identify the problem. I will really appreciate help.

$sql = "INSERT INTO scrapeddata (Id,Store, ImageURL, ShortDescription, CashPercentage, ShoppingPoints, LongDescription, Contact, Information)
                        VALUES ($ID, $name, $ImageUrl, $ShortDecription, $CashBack, $SallingPoints, $LongtDecription, $Contact, $Information)";

Structure of my table is: Table Structure

Update: The following image illustrates the actual error. The PHP variable is resolved dynamically to retrieve the string, but "within the string" it contains single quotes ('); according to me these quotes are causing the error. Help!!

HaveNoDisplayName
Subtain Ishfaq
  • [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Are you getting any error messages? This is not enough code for us to troubleshoot. – Jay Blanchard Jul 15 '15 at 17:33
  • Is `Id` Auto Increment? If yes, you don't need to insert it – Shehary Jul 15 '15 at 17:35
  • Can you please share the error? – Abhishek Ginani Jul 15 '15 at 17:35
  • I have shared the error, maybe it's too small, but it shows that the error occurred while inserting, exactly at the position where the variable's value has single quotes – Subtain Ishfaq Jul 16 '15 at 11:14

1 Answer

0

Put quotations on string variables. And escape all your variables before inserting in query.

mysql-escape-string

$name = mysql_escape_string($name);

$sql = "INSERT INTO scrapeddata (Id,Store, ImageURL, ShortDescription, CashPercentage, ShoppingPoints, LongDescription, Contact, Information)
                        VALUES ('$ID', '$name', '$ImageUrl', '$ShortDecription', '$CashBack', '$SallingPoints', '$LongtDecription', '$Contact', '$Information')";
Abdul Rehman
  • This is just putting a bandage on a very serious problem. Without [rigorous escaping](http://bobby-tables.com/php) none of this will work properly. – tadman Jul 15 '15 at 18:25
  • Thank you @bsienn, but now within the string there are single quotes and they are causing an error – Subtain Ishfaq Jul 16 '15 at 11:15
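
Added example (not part of the original question or answer): the same INSERT written as a PDO prepared statement, so values containing single quotes are sent as data and never parsed as SQL. The in-memory SQLite DSN, the column types and the sample row are assumptions made so the script runs on its own; the table and column names are the ones from the question.

```php
<?php
// Added example, not code from the original post.
// Assumption: in-memory SQLite via PDO so the script runs offline. For MySQL
// only the DSN and credentials change; the prepare/execute calls stay the same.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Column names are from the question; the column types are assumed.
$pdo->exec('CREATE TABLE scrapeddata (
    Id INTEGER PRIMARY KEY, Store TEXT, ImageURL TEXT, ShortDescription TEXT,
    CashPercentage TEXT, ShoppingPoints TEXT, LongDescription TEXT,
    Contact TEXT, Information TEXT)');

// Constructed sample row. Several values contain single quotes, and one
// contains characters that would change the statement if interpolated.
$row = [
    ':id'       => 1,
    ':store'    => "Sam's Outlet",
    ':image'    => 'https://example.com/logo.png',
    ':short'    => "Today's best deal",
    ':cash'     => '5%',
    ':points'   => '120',
    ':longdesc' => "It's 5% back'); -- this is stored as plain text",
    ':contact'  => "O'Brien, support desk",
    ':info'     => 'Terms apply',
];

// The SQL text contains placeholders only; no variable is concatenated in.
$stmt = $pdo->prepare('INSERT INTO scrapeddata
    (Id, Store, ImageURL, ShortDescription, CashPercentage, ShoppingPoints,
     LongDescription, Contact, Information)
    VALUES (:id, :store, :image, :short, :cash, :points,
            :longdesc, :contact, :info)');
$stmt->execute($row);

// Read the row back and confirm the quoted values survived unchanged.
$check = $pdo->prepare(
    'SELECT Store, LongDescription, Contact FROM scrapeddata WHERE Id = :id');
$check->execute([':id' => 1]);
$saved = $check->fetch(PDO::FETCH_ASSOC);

if ($saved['Store'] !== $row[':store']
    || $saved['LongDescription'] !== $row[':longdesc']
    || $saved['Contact'] !== $row[':contact']) {
    throw new RuntimeException('Stored values differ from the input');
}
echo 'Stored without escaping: ', $saved['Store'], PHP_EOL;
```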