xyn Posted July 16, 2006 Share Posted July 16, 2006 Hey guys,I've used the $_GET to delete an individual message, and Obviously in a members are if the user was to change the ?id=[color=red]1[/color] to [color=red]2,3 or 4[/color] it would also delete them, so i've decided to prevent this by making sure the id is in the members Inbox.My problem is I've decided to automatically send a CFA to my zone moderators + to tell them a member has deliberatly eddited the URL and needs to be warned. but I'm getting the following errors:[sup]You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'from, msg, date, time, ip) VALUES ('Zroxx','xyn. is tr' at line 1[/sup]My code is:[code=php:0]include "db.php"; $ip = getenv('REMOTE_ADDR'); $bad_user = $_SESSION['user']['user']; $db = mysql_connect("localhost", $login, $pwd) or die(mysql_error()); mysql_select_db("zroxxco_members") or die(mysql_error()); $bansql = "INSERT INTO cfa (from, msg, date, time, ip) VALUES ('<font color=orange>Zroxx</font>','$bad_user. is trying to delete other peoples posts.','$date','$time','No Information')"; mysql_query($bansql, $db) or die(mysql_error());[/code] Quote Link to comment https://forums.phpfreaks.com/topic/14778-sql-problem/ Share on other sites More sharing options...
AndyB Posted July 16, 2006 Share Posted July 16, 2006 FROM is a reserved word in MySQL. You should not use reserved words as fieldnames. Right solution is to change the from to something else (fromx for example); sloppy solution is to enclose reserved words in backticks .... `from` Quote Link to comment https://forums.phpfreaks.com/topic/14778-sql-problem/#findComment-59027 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.