sk1tL1L Posted October 7, 2006 Share Posted October 7, 2006 i'm creating a message system, and it keeps echoing "error" so i don't know what the prblem is![code]<?phpinclude ("config.php");$to=$_POST['username'];$message=$_POST['message'];// Insert data into mysql$sql="INSERT INTO messages(to, from, message)VALUES('$to', '$member', '$message')";$result=mysql_query($sql);if($result){echo "The PM has been sent to $to!";}else {echo "ERROR";}// close connectionmysql_close();?>[/code][size=10pt][b][color=red]FIXED[/color][/b][/size] Quote Link to comment Share on other sites More sharing options...
dual_alliance Posted October 7, 2006 Share Posted October 7, 2006 Try [code]// Insert data into mysql$sql="INSERT INTO `messages` (`to`, `from`, `message`)VALUES('$to', '$member', '$message')";$result=mysql_query($sql);[/code] Quote Link to comment Share on other sites More sharing options...
corbin Posted October 7, 2006 Share Posted October 7, 2006 Your server may automatically addslashes everything... but just to be safe you probably want to do it in your script. Someone could put [code=php:0]'); DELETE FROM `messages`;[/code]or other things and it would execute it in the sql query...[code=php:0]foreach($_POST as $k => $v) {$_POST[$k] = addslashes($v);}is what i normally use.... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.