T strings.

[ngreenwood6]

so are you still getting that mysql error? did you copy my code exactly?

[dean7]

Yes that error i showed about the SQL thing is the error i got from your code

[ngreenwood6]

do me a favor right before if($_POST['submit']) echo $username, $msg, & $date. Then tell me what each of those values contain. do any of them contain a '

[dean7]

When i try echoing them it just shows the same error as last time  :-\

[ngreenwood6]

yeah but it should still show the values. what type of field is the date field you are inserting into. is it a varchar?

[dean7]

What you mean? When it inserts into the database i goes into pmessage so when some1 has commented on that profile they get a message

[ngreenwood6]

when you setup the database you had to select a type (ex. varchar, int, date). Basically what is happening is that something in the query has an invalid character which can be fixed by mysql_real_escape_string, but if the date you are entering is a date field it wont work. you can try this though:

 

<?php
///////////// Start Of New Code ///////////////
///////////// Add Comment On Profile //////////

include ("config.php");
include ("makelogin.php");

////////////// Includes //////////////////

$username = $logged['username'];
$ul = $logged['userlevel'];
$msg=strip_tags($_POST['msg']);
$date = gmdate('Y-m-d h:i:s');

$username = mysql_real_escape_string($username);
$msg = mysql_real_escape_string($msg);
$date = mysql_real_escape_string($date);

///////////// Starting Varibals //////////////////

$query=mysql_query("SELECT * FROM users WHERE username='$username' LIMIT 1");
$fetch=mysql_fetch_object($query);

///////////// Querys /////////////////////////

if ($_POST['submit'])
{
///////////////////// Line 158 is The One BELOW This ////////////////////////////////// 
mysql_query("INSERT INTO pmessages (id,title,from,message,date,unread) VALUES('','Profile Comment','$username','$msg','$date','unread')") or die(mysql_error());
echo "<font color='black'>Comment Sent To $username!";
}


///////////// Sending The Comment They Sent ///////////////////
?>

<html>
<form method="post" action="">
<table width='80%' cellspacing='0' cellpadding='0' border='1' bordercolor='#000000'>
<tr>
<td>
  <p align="center">Comment To Send: <br>
</td>
</tr>
<tr>
<td>
    <textarea name="msg" cols="40" rows="8" id="msg"></textarea>
</td>

   


</tr>
<tr>
</td>
    <input type="submit" name="submit" value="Send Comment">
</td>
</tr>
</table>
</form>
</html>

[dean7]

when you setup the database you had to select a type (ex. varchar, int, date). Basically what is happening is that something in the query has an invalid character which can be fixed by mysql_real_escape_string, but if the date you are entering is a date field it wont work. you can try this though:

 

<?php
///////////// Start Of New Code ///////////////
///////////// Add Comment On Profile //////////

include ("config.php");
include ("makelogin.php");

////////////// Includes //////////////////

$username = $logged['username'];
$ul = $logged['userlevel'];
$msg=strip_tags($_POST['msg']);
$date = gmdate('Y-m-d h:i:s');

$username = mysql_real_escape_string($username);
$msg = mysql_real_escape_string($msg);
$date = mysql_real_escape_string($date);

///////////// Starting Varibals //////////////////

$query=mysql_query("SELECT * FROM users WHERE username='$username' LIMIT 1");
$fetch=mysql_fetch_object($query);

///////////// Querys /////////////////////////

if ($_POST['submit'])
{
///////////////////// Line 158 is The One BELOW This ////////////////////////////////// 
mysql_query("INSERT INTO pmessages (id,title,from,message,date,unread) VALUES('','Profile Comment','$username','$msg','$date','unread')") or die(mysql_error());
echo "<font color='black'>Comment Sent To $username!";
}


///////////// Sending The Comment They Sent ///////////////////
?>

<html>
<form method="post" action="">
<table width='80%' cellspacing='0' cellpadding='0' border='1' bordercolor='#000000'>
<tr>
<td>
  <p align="center">Comment To Send: <br>
</td>
</tr>
<tr>
<td>
    <textarea name="msg" cols="40" rows="8" id="msg"></textarea>
</td>

   


</tr>
<tr>
</td>
    <input type="submit" name="submit" value="Send Comment">
</td>
</tr>
</table>
</form>
</html>

that still displays the error. But if i have to i could do it so i dont have the date there?

[ngreenwood6]

other than what I have show you there is no reason why this shouldnt be working unless there is something in the code that I am missing. if you want to insert the date I would suggest that you use an int as the type for the date and insert a timestamp. for example:

 

$date = timestamp();

 

Then when you want the show the date you would do:

$date = timestamp(); //you would pull the date here but just as an example
$actual_date = date("m/d/y",$date);

 

If I were you I would make sure that the tables you are trying to insert to are the correct type (check in phpmyadmin). The username and msg should be varchar and date if you use what i said should be int. Also you can remove the strip_tags() from $msg as long as you use mysql_real_escape_string(). mysql_real_escape_string should be run on any data that is put in a query because it makes it database safe thus preventing mysql errors. I would try taking the date out for now and see if it works without it and if so then it has something to do with the type or the actual date that you are trying to insert. Any more questions just ask