Jump to content


Photo

inserting information into a mysql database *FIXED*


  • Please log in to reply
2 replies to this topic

#1 sk1tL1L

sk1tL1L
  • Members
  • PipPip
  • Member
  • 12 posts

Posted 07 October 2006 - 01:33 AM

i'm creating a message system, and it keeps echoing "error" so i don't know what the prblem is!
<?php
include ("config.php");
$to=$_POST['username'];
$message=$_POST['message'];

// Insert data into mysql
$sql="INSERT INTO messages(to, from, message)VALUES('$to', '$member', '$message')";
$result=mysql_query($sql);

if($result){
echo "The PM has been sent to $to!";
}

else {
echo "ERROR";
}

// close connection
mysql_close();
?>
FIXED

#2 dual_alliance

dual_alliance
  • Members
  • PipPipPip
  • Advanced Member
  • 140 posts
  • LocationNSW, Australia

Posted 07 October 2006 - 01:38 AM

Try

// Insert data into mysql
$sql="INSERT INTO `messages` (`to`, `from`, `message`)VALUES('$to', '$member', '$message')";
$result=mysql_query($sql);


#3 corbin

corbin
  • Staff Alumni
  • Advanced Member
  • 8,129 posts

Posted 07 October 2006 - 02:30 AM

Your server may automatically addslashes everything... but just to be safe you probably want to do it in your script.  Someone could put
');  DELETE FROM `messages`;
or other things and it would execute it in the sql query...

[code=php:0]
foreach($_POST as $k => $v) {
$_POST[$k] = addslashes($v);
}
is what i normally use....
Why doesn't anyone ever say hi, hey, or whad up world?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users