2

I'm getting this error in my php script:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'M�Uɽފ�')' at line 1

and my code:

$Connection = mysql_connect("127.0.0.1", "root", "12345678");
mysql_select_db("database5", $Connection);

$Hashsz = "FF381278A9AB19274D9755C9BDDE8A82";
$HashBin = pack("H*", $Hashsz);

$Query = "INSERT INTO Hashes (Hash) VALUES ('{$HashBin}')";
if(mysql_query($Query, $Connection))
{
    echo "inserted";
}
else
{
    echo mysql_error();
}

the value type is: binary(16)

why?

Improve this question
2
  • You should convert the data to a text format. Check this answer out: stackoverflow.com/questions/14505673/…. Commented Oct 1, 2015 at 0:15
  • try remove single quotes from '{$HashBin}' Commented Oct 1, 2015 at 0:15

1 Answer 1

Reset to default
0

With old mysql extension you should use mysql_real_escape_string to escapes your $HashBin. Even better you shoud use prepared statements and parameterized queries. Read "How can I prevent SQL-injection in PHP?" question.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

a question, is not it supposed that $HashBin is a binary data? why should I use that function?
just print $HashBin and see what contains

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.