Jump to content


Sql Problem...

  • Please log in to reply
1 reply to this topic

#1 xyn

  • Members
  • PipPipPip
  • Advanced Member
  • 779 posts
  • LocationNorthampton

Posted 16 July 2006 - 05:33 PM

Hey guys,
I've used the $_GET to delete an individual message, and Obviously in a members are if the user was to change the ?id=1 to 2,3 or 4 it would also delete them, so i've decided to prevent this by making sure the id is in the members Inbox.

My problem is I've decided to automatically send a CFA to my zone moderators + to tell them a member has deliberatly eddited the URL and needs to be warned. but I'm getting the following errors:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'from, msg, date, time, ip) VALUES ('Zroxx','xyn. is tr' at line 1

My code is:
include "db.php";
				$ip = getenv('REMOTE_ADDR');
				$bad_user = $_SESSION['user']['user'];
			$db = mysql_connect("localhost", $login, $pwd) or die(mysql_error());
			mysql_select_db("zroxxco_members") or die(mysql_error());
			$bansql = "INSERT INTO cfa (from, msg, date, time, ip) VALUES ('<font color=orange>Zroxx</font>','$bad_user. is trying to delete other peoples posts.','$date','$time','No Information')";
			mysql_query($bansql, $db) or die(mysql_error());

#2 AndyB

  • Staff Alumni
  • Advanced Member
  • 5,465 posts
  • LocationToronto

Posted 16 July 2006 - 06:03 PM

FROM is a reserved word in MySQL.  You should not use reserved words as fieldnames.  Right solution is to change the from to something else (fromx for example); sloppy solution is to enclose reserved words in backticks .... `from`
Legend has it that reading the manual never killed anyone.
My site

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users