I've used the $_GET to delete an individual message, and obviously in a members area if the user was to change the ?id=1 to 2, 3 or 4 it would also delete them, so I've decided to prevent this by making sure the id is in the member's Inbox.
My problem is I've decided to automatically send a CFA to my zone moderators + to tell them a member has deliberately edited the URL and needs to be warned, but I'm getting the following errors:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'from, msg, date, time, ip) VALUES ('Zroxx','xyn. is tr' at line 1
My code is:
include "db.php";
$ip = getenv('REMOTE_ADDR');
$bad_user = $_SESSION['user']['user'];
$db = mysql_connect("localhost", $login, $pwd) or die(mysql_error());
mysql_select_db("zroxxco_members") or die(mysql_error());
$bansql = "INSERT INTO cfa (from, msg, date, time, ip) VALUES ('<font color=orange>Zroxx</font>','$bad_user. is trying to delete other peoples posts.','$date','$time','No Information')";
mysql_query($bansql, $db) or die(mysql_error());
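An added example, not part of the original post: the ownership check and the moderator report done with prepared statements. FROM is a reserved word in MySQL, which is where the parser stops in the error quoted above, so the column name is backtick-quoted here. The `inbox` table, its `owner` column, the `deleteMessage` function and the sample rows are assumptions, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example. Only cfa(from, msg, date, time, ip) comes from the post;
// the inbox table, owner column and deleteMessage() are hypothetical.
$pdo = new PDO('sqlite::memory:'); // stand-in for the MySQL DSN
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE inbox (id INTEGER PRIMARY KEY, owner TEXT, body TEXT)');
// `from` is reserved in MySQL and must be quoted; date and time are quoted for clarity.
$pdo->exec('CREATE TABLE cfa (`from` TEXT, msg TEXT, `date` TEXT, `time` TEXT, ip TEXT)');
// Constructed sample rows.
$pdo->exec("INSERT INTO inbox (id, owner, body) VALUES (1, 'alice', 'hi'), (2, 'bob', 'hello')");

function deleteMessage(PDO $pdo, string $user, $rawId, string $ip): bool
{
    // Reject anything that is not an integer before it reaches the query.
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return false;
    }

    // Ownership is part of the WHERE clause, so a changed ?id= can only
    // ever match rows in the caller's own inbox.
    $del = $pdo->prepare('DELETE FROM inbox WHERE id = ? AND owner = ?');
    $del->execute([$id, $user]);
    if ($del->rowCount() === 1) {
        return true;
    }

    // Nothing matched: the id belongs to someone else or no longer exists.
    // Bound parameters keep quotes in the user name out of the SQL text.
    $cfa = $pdo->prepare(
        'INSERT INTO cfa (`from`, msg, `date`, `time`, ip) VALUES (?, ?, ?, ?, ?)'
    );
    $cfa->execute([
        'Zroxx', // plain text; colour markup belongs in the page template
        "$user requested deletion of message $id, which is not in their inbox.",
        date('Y-m-d'),
        date('H:i:s'),
        $ip,
    ]);
    return false;
}

// The user name comes from the session, never from the request.
var_dump(deleteMessage($pdo, 'alice', '1', '203.0.113.5')); // alice's own message
var_dump(deleteMessage($pdo, 'alice', '2', '203.0.113.5')); // bob's message
var_dump((int) $pdo->query('SELECT COUNT(*) FROM cfa')->fetchColumn());
```

When the report is shown to moderators, pass the stored `msg` through `htmlspecialchars()` so a crafted user name cannot inject markup into the moderator view.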