Jump to content

Archived

This topic is now archived and is closed to further replies.

sk1tL1L

inserting information into a mysql database *FIXED*

Recommended Posts

i'm creating a message system, and it keeps echoing "error" so i don't know what the prblem is!
[code]<?php
include ("config.php");
$to=$_POST['username'];
$message=$_POST['message'];

// Insert data into mysql
$sql="INSERT INTO messages(to, from, message)VALUES('$to', '$member', '$message')";
$result=mysql_query($sql);

if($result){
echo "The PM has been sent to $to!";
}

else {
echo "ERROR";
}

// close connection
mysql_close();
?>[/code]
[size=10pt][b][color=red]FIXED[/color][/b][/size]

Share this post


Link to post
Share on other sites
Try

[code]
// Insert data into mysql
$sql="INSERT INTO `messages` (`to`, `from`, `message`)VALUES('$to', '$member', '$message')";
$result=mysql_query($sql);
[/code]

Share this post


Link to post
Share on other sites
Your server may automatically addslashes everything... but just to be safe you probably want to do it in your script.  Someone could put
[code=php:0]
');  DELETE FROM `messages`;
[/code]
or other things and it would execute it in the sql query...

[code=php:0]
foreach($_POST as $k => $v) {
$_POST[$k] = addslashes($v);
}
is what i normally use....

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.