pick apart my query mistake

[mike12255]

Its time for bed but I have to finish this file before I go to bed and I cant figure out the mistake with my query hoping there are some fresh eyes out there that can see it.

 

Here is the line :

$query = $qls->Security->make_safe("INSERT INTO `{$qls->config['sql_prefix']}chat` (username, message) VALUES (\"$user\", \"$message\")");

when I die the statement I get:

 

 

 

INSERT INTO `qls3_chat` (username, message) VALUES ("mike12255", "TESTING FJFDHSJHDFISEJ")

 

I can take that and query that in through php my admin no problem but when i run a query through php code I get the error:

 

 

 

1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"mike12255", "TESTING FJFDHSJHDFISEJ")' at line 1

 

[objnoob]

try single quotes?

[mike12255]

same error

[mac_gyver]

your make_safe method is probably breaking the sql.

 

a) what is the code of you make_safe method?

 

b) you should be escaping the data values being put into the query, not the entire query.

[mike12255]

Thanks for giving me a suggestion of where to look. I marked this as solved I need to get to bed. If in the morning I cannot find a solution ill post more code and unsolve it