[SOLVED] Php and MySQL - Insert Query Failed

[rfighter]

Hi,

 

When I run the following code:

 

if ($_POST[to])
{
//the form has been submitted.  Now we have to make it secure and insert it into the database
$subject = htmlspecialchars(addslashes("$_POST[subject]"));
$message = htmlspecialchars(addslashes("$_POST[message]"));
$to = htmlspecialchars(addslashes("$_POST[to]"));
//the above lines remove html and add \ before all "
$getusersql = mysql_query("SELECT * FROM `users` WHERE `username` = '$to'");
$getuserid = mysql_fetch_array($getusersql);

$getsendersql = mysql_query("SELECT * FROM `users` WHERE `username` = '$logged[username]'");
$getsenderid = mysql_fetch_array($getsendersql);

$ip = $_SERVER['REMOTE_ADDR'];

$unread = "unread";

$send = "INSERT INTO pmessages (title, message, touser, from, unread, ip) VALUES ('$subject', '$message', '$getuserid[id]', '$getsenderid[id]', '$unread', '$ip')";
mysql_query($send) or die('Error, insert query failed');

 

I receive the error "error, insert query failed". I've echoed the query, which gives

 

INSERT INTO pmessages (title, message, touser, from, unread, ip) VALUES ('testt', 'test', '2', '2', 'unread', 'xx.xxx.xx.xx')

 

 

...as it should, and I can't see a problem with the syntax. Any help would be appreciated!

 

Thanks.

[trq]

from is a special word in sql, you will either need to change your field name, or surround it with `backticks` within your query.

[rfighter]

It works now, many thanks!