i have a with my script
I made a basic messaging service for my website.
I have a form with a textarea as an input variable. It inserts the textarea value to a database using a php script upon form submission. The SQL field is set as longtext so the user can insert a large text string.
There's a few things i need to do to perfect it. I need to make it so the user can only insert text characters, so not to allow script manipulation; and I need to figure out why it's deleting my intro message when changing the `read` field from `unread` to `read`.
The `messages` SQL table is separated into 6 fields: to, from, message, read, subject, and number.
when the user reads a message, i have a php script that reads as follows:
<?php
include("include/session.php");
function curPageName() {
return substr($_SERVER["SCRIPT_NAME"],strrpos($_SERVER["SCRIPT_NAME"],"/")+1);
}
$pagename = curPageName();
$replaced2 = eregi_replace("message", "", $pagename);
$number = eregi_replace(".php", "", $replaced2);
mysql_select_db("******_starcraft") or die(mysql_error()) ;
$query = " SELECT * FROM `messages` WHERE number='$number' ";
$result = mysql_query($query);
$info = mysql_fetch_array ( $result );
$to = $info['to'];
$from = $info['from'];
$subject = $info['subject'];
$message = $info['message'];
$read = $info['read'];
mysql_query("DELETE FROM `messages` WHERE `number`='$number'") ;
mysql_query("INSERT INTO `messages` VALUES ('$to', '$from', '$message', 'read', '$subject', '$number')") ;
?>
Now, after trouble shooting, i found that the problem is occuring when it tries to insert the $message string into the third field of the `messages` table. I find this strange because when you send the message to this user using the "compose message" script, the input variable is inserted into the database table without a stitch.
Is there something i'm missing? i feel like it's on the tip of my tounge...
thanks in advance,
-dan