jwk811
Posted January 24, 2010

Here's the function. The problem is when there are symbols in the reply or subject and previous message, it shows a syntax error. Probably because of quotes. I used nl2br() because I thought that made it so you could use symbols. I dunno what else the problem could be or how to fix this. Thanks for any help!

```php
function replyTo()
{
    $replyingto = $_POST['replyingto'];
    $reply = $_POST['reply'];
    $reply = nl2br($reply);

    $sql = "SELECT * FROM tbl_message WHERE msg_id = '$replyingto'";
    $result = dbQuery($sql);

    if (dbNumRows($result) == 1) {
        $row = dbFetchAssoc($result);
        extract($row);

        if($msg_status == 'read'){
            $sql = "UPDATE tbl_message SET msg_status = 'replied' WHERE msg_id = $msg_id";
            dbQuery($sql);
        }

        $sub = 'Re: ' . nl2br($msg_sub);
        $text = $reply . '<br><br><br>-----------------------------------------<br>' . $msg_from_user . ' wrote on ' . $msg_datetime . '<br>' . nl2br($msg_text);

        $sql = "SELECT user_name FROM tbl_user WHERE user_id = '$msg_to'";
        $result = dbQuery($sql);
        $row = dbFetchAssoc($result);
        $username = $row['user_name'];

        $sql = "INSERT INTO tbl_message (msg_from, msg_from_user, msg_to, msg_sub, msg_text, msg_datetime)
                VALUES ('$msg_to', '$username', '$msg_from', '$sub', '$text', NOW())";
        dbQuery($sql);

        header('Location: index.php?view=messages');
    }
}
```

jl5501
Posted January 24, 2010

nl2br() simply converts newlines to <br>. To protect against quotes, you need mysql_real_escape_string().
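
The quoting problem discussed above, as an added example that is not code from either poster: replyTo() with every value passed as a bound parameter, which removes the need for manual escaping (mysql_real_escape_string() was removed in PHP 7). It assumes PDO with an in-memory SQLite database standing in for the thread's MySQL tables and dbQuery() helpers, takes the two $_POST values as arguments, and uses constructed sample rows; the subject and text read back from tbl_message are bound as well, since they contain the same quotes the original post put there.

```php
<?php
// Added example: replyTo() rewritten with bound parameters. SQLite in memory
// stands in for the thread's MySQL database; all sample rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE tbl_user (user_id INTEGER PRIMARY KEY, user_name TEXT)");
$db->exec("CREATE TABLE tbl_message (msg_id INTEGER PRIMARY KEY, msg_from INTEGER,
    msg_from_user TEXT, msg_to INTEGER, msg_sub TEXT, msg_text TEXT,
    msg_datetime TEXT, msg_status TEXT DEFAULT 'unread')");
$db->exec("INSERT INTO tbl_user VALUES (1, 'alice'), (2, 'bob')");
// The stored subject and text already contain single and double quotes.
$db->prepare("INSERT INTO tbl_message (msg_from, msg_from_user, msg_to, msg_sub,
    msg_text, msg_datetime, msg_status) VALUES (1, 'alice', 2, ?, ?, '2010-01-24 10:00:00', 'read')")
   ->execute(["What's up?", "Don't forget \"the\" meeting"]);

function replyTo(PDO $db, $replyingTo, $reply)
{
    $stmt = $db->prepare("SELECT * FROM tbl_message WHERE msg_id = ?");
    $stmt->execute([$replyingTo]);
    $msg = $stmt->fetch(PDO::FETCH_ASSOC);   // array access instead of extract()
    if ($msg === false) {
        return false;
    }
    $db->prepare("UPDATE tbl_message SET msg_status = 'replied'
                  WHERE msg_id = ? AND msg_status = 'read'")->execute([$msg['msg_id']]);

    $stmt = $db->prepare("SELECT user_name FROM tbl_user WHERE user_id = ?");
    $stmt->execute([$msg['msg_to']]);
    $username = $stmt->fetchColumn();

    // Values read back from the database are as untrusted as $_POST, so the old
    // subject and text are bound too. Raw text is stored; nl2br() is not applied here.
    $text = $reply . "\n\n-----------------------------------------\n"
          . $msg['msg_from_user'] . ' wrote on ' . $msg['msg_datetime'] . "\n" . $msg['msg_text'];
    $db->prepare("INSERT INTO tbl_message (msg_from, msg_from_user, msg_to, msg_sub,
        msg_text, msg_datetime) VALUES (?, ?, ?, ?, ?, datetime('now'))")
       ->execute([$msg['msg_to'], $username, $msg['msg_from'], 'Re: ' . $msg['msg_sub'], $text]);
    return (int) $db->lastInsertId();
}

$id = replyTo($db, 1, "I'll be there; it's at 5 o'clock");
$stmt = $db->prepare("SELECT msg_sub, msg_text FROM tbl_message WHERE msg_id = ?");
$stmt->execute([$id]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
echo htmlspecialchars($row['msg_sub'], ENT_QUOTES, 'UTF-8'), "\n";
// Encode for HTML when displaying, then convert newlines to <br>.
echo nl2br(htmlspecialchars($row['msg_text'], ENT_QUOTES, 'UTF-8')), "\n";
```

Against MySQL, only the DSN and `datetime('now')` (NOW() in the original query) change; the bound parameters stay the same.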