Home/ Questions/Q 8205815
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-07T08:24:51+00:00

I am trying to build a PHP Form with MySQL. The problem is that

  • 0

I am trying to build a PHP Form with MySQL. The problem is that I get an error every time if I try to add some long Text into the field.

The error

You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near…..at line 1

The PHP code generating the query is this:

<?php

if ( $_GET['aktion'] == "speichern" )
{
    $title          = $_GET['title'];
    $description    = $_GET['description'];
    $applepart      = $_GET['applepart'];
    $partnumber     = $_GET['partnumber'];
    $productcode    = $_GET['productcode'];
    $compatibility  = $_GET['compatibility'];
    $url_bild       = $_GET['url_bild'];
    $price          = $_GET['price'];

    $sql  = "INSERT INTO adressbuch ";
    $sql .= " SET ";
    $sql .= " title         = '$title', ";
    $sql .= " description   = '$description', ";
    $sql .= " applepart     = '$applepart', ";
    $sql .= " partnumber    = '$partnumber', ";
    $sql .= " productcode   = '$productcode', ";
    $sql .= " compatibility = '$compatibility', ";
    $sql .= " url_bild      = '$url_bild', ";
    $sql .= " price         = '$price' ";

    require_once ('konfiguration.php');
    $db_erg = mysql_query($sql)
        or die("Anfrage fehlgeschlagen: " . mysql_error());

    echo '<h1>Adresse wurde speichert</h1>';
    echo '<a href="auflistung.php">Auflistung anzeigen</a>';
    exit;
}
?>

<form name="" action="" method="GET" enctype="text/html">
<p>Title:<br />
<input type="text" name="title" value="" size="60" />
</p>
<p>description:<br />
<input type="text" name="description" value="" size="60" />
</p>
<p>applepart:<br />
<input type="text" name="applepart" value="" size="60" />
</p>
<p>partnumber:<br />
<input type="text" name="partnumber" value="" size="60" />
</p>
<p>productcode:<br />
<input type="text" name="productcode" value="" size="60" />
</p>
<p>compatibility:<br />
<input type="text" name="compatibility" value="" size="60" />
</p>
<p>Bild:<br />
<input type="text" name="url_bild" value="" size="60" />
</p>
<p>price:<br />
<input type="text" name="price" value="" size="60" />
</p>

<input type="hidden" name="aktion" value="speichern" />

<input type="Submit" name="" value="speichern" />
</form>

Thanks for your help

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Your code is susceptible to SQL injection, and your problem is only a hint as to why.

    The rule we always use is: “Never trust data from the user-agent” (i.e. consider anything in $_GET or $_POST as potentially problematic or worse). At a minimum, we should always escape these values using mysqli_real_escape_string or else a more robust DB framework.

    • 0