sk1tL1L Posted October 7, 2006 Share Posted October 7, 2006 i'm creating a message system, and it keeps echoing "error" so i don't know what the prblem is![code]<?phpinclude ("config.php");$to=$_POST['username'];$message=$_POST['message'];// Insert data into mysql$sql="INSERT INTO messages(to, from, message)VALUES('$to', '$member', '$message')";$result=mysql_query($sql);if($result){echo "The PM has been sent to $to!";}else {echo "ERROR";}// close connectionmysql_close();?>[/code][size=10pt][b][color=red]FIXED[/color][/b][/size] Link to comment https://forums.phpfreaks.com/topic/23238-inserting-information-into-a-mysql-database-fixed/ Share on other sites More sharing options...
dual_alliance Posted October 7, 2006 Share Posted October 7, 2006 Try [code]// Insert data into mysql$sql="INSERT INTO `messages` (`to`, `from`, `message`)VALUES('$to', '$member', '$message')";$result=mysql_query($sql);[/code] Link to comment https://forums.phpfreaks.com/topic/23238-inserting-information-into-a-mysql-database-fixed/#findComment-105360 Share on other sites More sharing options...
corbin Posted October 7, 2006 Share Posted October 7, 2006 Your server may automatically addslashes everything... but just to be safe you probably want to do it in your script. Someone could put [code=php:0]'); DELETE FROM `messages`;[/code]or other things and it would execute it in the sql query...[code=php:0]foreach($_POST as $k => $v) {$_POST[$k] = addslashes($v);}is what i normally use.... Link to comment https://forums.phpfreaks.com/topic/23238-inserting-information-into-a-mysql-database-fixed/#findComment-105374 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.