I have a PHP MSSQL query that worked previously. However, since I changed an element that appears to have nothing to do with the query, it has started throwing errors.
Here is the query:
    <?php
    if (isset($_POST['paper'])) {
        $PageHTML = $_POST['ckeditor'];
        $PageID = $_GET['id'];
        $myServer = "**.***.***.**";
        $myUser = "username";
        $myPass = "password";
        $myDB = "database";
        $dbhandle = mssql_connect($myServer, $myUser, $myPass)
            or die("Couldn't connect to SQL Server on $myServer");
        mssql_select_db($myDB) or die;
        $dbTABLE = "Table_Name";
        $query_sql = sprintf("UPDATE %s SET PageHTML = ('%s') WHERE PageID = '%d'",
            $dbTABLE,
            $PageHTML,
            $PageID);
        if ($result = mssql_query($query_sql, $dbhandle)) {
            header('Location: Manage.php');
        }
    }
    ?>
The errors it has started throwing are as follows:
Warning: mssql_query() [function.mssql-query]: message: Incorrect syntax near 're'. (severity 15) in (file path) on line 59
Warning: mssql_query() [function.mssql-query]: message: Unclosed quotation mark after the character string '</p> </div> </td> </tr> </tbody> </table>') WHERE PageID = '2''. (severity 15) in (file path) on line 59
Line 59 is this line:
    if ($result = mssql_query($query_sql, $dbhandle)) {
I have checked it and am using similar syntax in other areas. Can anyone see where it is wrong?
You are trying to add HTML code into the database and there are troubles with quotes and special symbols. Yes, you can say you're doing sprintf(), but that function doesn't solve SQL syntax problems. Try, for example, addslashes() or other sanitizing PHP functions.
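
The following is an added example, not code from the original thread. It rebuilds the question's query with constructed HTML containing an apostrophe, which is consistent with the "Incorrect syntax near 're'" warning, and then performs the same UPDATE with bound parameters so the HTML is never part of the statement text. Assumptions: the sample HTML is constructed, `updatePage()` is a hypothetical helper, and an in-memory SQLite database reached through PDO stands in for SQL Server so the script runs offline.

```php
<?php
// Added example: constructed input, not data from the original post.
$pageHtml = "<p>We're open today.</p>";   // apostrophe ends the SQL string literal early
$pageId   = "2";                          // as it would arrive from $_GET['id']

// 1) The query as the question builds it: the HTML is pasted into the statement text.
$broken = sprintf("UPDATE %s SET PageHTML = ('%s') WHERE PageID = '%d'",
                  "Table_Name", $pageHtml, $pageId);
echo $broken, "\n";
// The literal stops after "<p>We", so the server parses "re open today..." as SQL.

// 2) Bound parameters: the statement text is fixed and the HTML travels as data.
// In-memory SQLite stands in for SQL Server here (assumption); against SQL Server
// only the DSN changes, e.g. "sqlsrv:Server=...;Database=..." with pdo_sqlsrv.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE Table_Name (PageID INTEGER PRIMARY KEY, PageHTML TEXT)");
$pdo->exec("INSERT INTO Table_Name (PageID, PageHTML) VALUES (2, '')");

function updatePage(PDO $pdo, string $html, $id): int
{
    // Reject a non-numeric id instead of letting it silently become 0.
    $id = filter_var($id, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('PageID must be an integer');
    }
    $stmt = $pdo->prepare('UPDATE Table_Name SET PageHTML = :html WHERE PageID = :id');
    $stmt->bindValue(':html', $html, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();   // number of rows the UPDATE touched
}

$rows   = updatePage($pdo, $pageHtml, $pageId);
$stored = $pdo->query('SELECT PageHTML FROM Table_Name WHERE PageID = 2')->fetchColumn();
// Compare what was stored against the original input, apostrophe included.
var_dump($rows, $stored === $pageHtml);
```

The same binding closes the SQL injection path that the string-built query leaves open, since anything submitted in the `ckeditor` field is otherwise executed as part of the statement.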