Hi,
When I run the following code:
if ($_POST[to])
{
//the form has been submitted. Now we have to make it secure and insert it into the database
$subject = htmlspecialchars(addslashes("$_POST[subject]"));
$message = htmlspecialchars(addslashes("$_POST[message]"));
$to = htmlspecialchars(addslashes("$_POST[to]"));
//the above lines remove html and add \ before all "
$getusersql = mysql_query("SELECT * FROM `users` WHERE `username` = '$to'");
$getuserid = mysql_fetch_array($getusersql);
$getsendersql = mysql_query("SELECT * FROM `users` WHERE `username` = '$logged[username]'");
$getsenderid = mysql_fetch_array($getsendersql);
$ip = $_SERVER['REMOTE_ADDR'];
$unread = "unread";
$send = "INSERT INTO pmessages (title, message, touser, from, unread, ip) VALUES ('$subject', '$message', '$getuserid[id]', '$getsenderid[id]', '$unread', '$ip')";
mysql_query($send) or die('Error, insert query failed');
I receive the error "error, insert query failed". I've echoed the query, which gives
INSERT INTO pmessages (title, message, touser, from, unread, ip) VALUES ('testt', 'test', '2', '2', 'unread', 'xx.xxx.xx.xx')
...as it should, and I can't see a problem with the syntax. Any help would be appreciated!
Thanks.