[SOLVED] Adding none text to text field in database

[master82]

I have a mysql_query that inputs values into the database,

it works great until you add character such as ! - which brings up an error.

Hers is what i currently have... with £msg being the variable that holds a users text.
[code]



$msg=str_replace(array("\n"),array("<br />"),strip_tags($_POST['usermsg']));
mysql_query("INSERT INTO table VALUES('',{$value},{$msg},unix_timestamp());",$c) or die("Something went wrong - try using letters and numbers only!<p><a href=page.php'>Back</a>");






[/code]

The database field is simply a text type, anyone know how I can add the $msg to the database, including all the error characters such as !

Thanks :)

[obsidian]

You've got to put single quotes around all your values as you insert them. You also want to check to be sure that all your characters are properly escaped before you insert text. Try something like this:
[code]
<?php
$msg = trim(strip_tags($_POST['usermsg']));
$msg = mysql_real_escape_string($msg);
$sql = "INSERT INTO myTable VALUES ('', '{$value}', '{$msg}', unix_timestamp())";
if (!mysql_query($sql)) {
  // error has occurred, let's handle it here
}

// Notice that I didn't do your str_replace()??? That's because PHP has a built in function
// that you can use when you output text to do that for you:
echo nl2br($msg);
?>
[/code]

Good luck!

[master82]

Sorry - i realised my mistake shortly after i posted...

...thanks for the help anyway ;D